Version 21 (Andreas Steffen, 22.06.2017 13:45) → Version 22/27 (Andreas Steffen, 22.06.2017 14:13)
h1. Software Inventory Message and Attributes for PA-TNC (SWIMA)
{{>toc}}
h2. Starting PT-TLS Server Daemon
The PT-TLS server based on the strongSwan systemd daemon is usually started automatically at boot time with the command
<pre>
systemctl start strongswan-swanctl
</pre>
First all the PA-TNC attribute definitions from the IETF, TCG, ITA-HSR and PWG namespaces are loaded. The IMVs to be dynamically loaded are read from _/etc/tnc_config_.
<pre>
Jun 22 12:31:28 koala systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Jun 22 12:31:28 koala charon-systemd[12088]: TNC recommendation policy is 'default'
Jun 22 12:31:28 koala charon-systemd[12088]: loading IMVs from '/etc/tnc_config'
Jun 22 12:31:28 koala charon-systemd[12088]: added IETF attributes
Jun 22 12:31:28 koala charon-systemd[12088]: added ITA-HSR attributes
Jun 22 12:31:28 koala charon-systemd[12088]: added PWG attributes
Jun 22 12:31:28 koala charon-systemd[12088]: added TCG attributes
Jun 22 12:31:28 koala charon-systemd[12088]: libimcv initialized
</pre>
The OS IMV is loaded as a dynamic library and attached to the TNC server.
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" initialized
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imv-os.so'
</pre>
The SWIMA IMV is loaded as a dynamic library and attached to the TNC server.
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" initialized
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 supports 1 message type: 'IETF/Software' 0x000000/0x00000009
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" loaded from '/usr/lib/ipsec/imcvs/imv-swima.so'
</pre>
The strongSwan daemon loads all required plugins and goes into multi-threading mode so that multiple PT-TLS connections can be handled
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: loaded plugins: charon-systemd charon-systemd random nonce x509 tpm openssl revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem tnc-imv tnc-pdp tnc-tnccs tnccs-20 kernel-netlink socket-default sqlite curl vici
Jun 22 12:31:28 koala charon-systemd[12088]: spawning 16 worker threads
</pre>
Multiple PT-TLS server and CA certificates are loaded into the daemon
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
</pre>
The actual loading is done by the *swanctl* command line tool which transfers the certificates to the daemon via a Unix socket.
<pre>
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/MSE2_Cert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_ECC_Cert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_RSA_Cert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/strongsecCaCert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/MSE_CA_Cert.pem'
</pre>
The first server certificate has a matching ECDSA private key loaded from file
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: loaded ECDSA private key
</pre>
The second server certificate has a matching ECDSA key protected by a TPM 2.0
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 via TSS2 available
Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is ECDSA with SHA256 hash
Jun 22 12:31:29 koala charon-systemd[12088]: loaded ECDSA private key from token
</pre>
The third server certificate has a matching RSA key protected by a TPM 2.0
<pre>
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 via TSS2 available
Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is RSASSA with SHA256 hash
Jun 22 12:31:29 koala charon-systemd[12088]: loaded RSA private key from token
</pre>
Again it is the *swanctl* tool which loads the private keys or determines the IDs of keys residing on smartcard or TPM devices.
<pre>
Jun 22 12:31:29 koala swanctl[12107]: loaded ecdsa key from '/etc/swanctl/ecdsa/MSE2_Key.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_ecc from token [keyid: 8e70ca6665cd2e6c7893e407cb9a7cd6264d714f]
Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_rsa from token [keyid: ce431f647d549f759267422f4097c874e2eca547]
</pre>
The PT-TLS server is now up and ready to accept connections on the default TCP port 271.
<pre>
Jun 22 12:31:29 koala systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>
h2. Accepting PT-TLS Client Connection
A PT-TLS client connects to the PT-TLS server and does a TLS 1.2 handshake to establish a secure socket
<pre>
Jun 22 12:34:56 koala charon-systemd[12088]: accepting PT-TLS stream from 46.126.238.39
Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS negotiation phase
Jun 22 12:34:56 koala charon-systemd[12088]: negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS server certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
Jun 22 12:34:56 koala charon-systemd[12088]: received TLS peer certificate 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com'
Jun 22 12:34:56 koala charon-systemd[12088]: using certificate "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
Jun 22 12:34:56 koala charon-systemd[12088]: using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: checking certificate status of "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 25 10:00:01 2017
Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl
Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 23 10:00:01 2017
Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl
Jun 22 12:34:56 koala charon-systemd[12088]: certificate status is good
Jun 22 12:34:56 koala charon-systemd[12088]: reached self-signed root ca with a path length of 0
</pre>
The PT-TLS protocol is started, skipping SASL-based client authentication because the client already authenticated itself during the TLS handshake.
<pre>
Jun 22 12:34:56 koala charon-systemd[12088]: received PT-TLS message #0 of type 'Version Request' (20 bytes)
Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #0 of type 'Version Response' (20 bytes)
Jun 22 12:34:56 koala charon-systemd[12088]: negotiated PT-TLS version 1
Jun 22 12:34:56 koala charon-systemd[12088]: doing SASL client authentication
Jun 22 12:34:56 koala charon-systemd[12088]: skipping SASL, client already authenticated by TLS certificate
Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
</pre>
The PT-TLS protocol switches to the data transport phase and a TNCCS (PB-TNC) connection is instantiated
<pre>
Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS data transport phase
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #1 of type 'PB-TNC Batch' (337 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: assigned TNCCS Connection ID 1
</pre>
An OS IMV instance is created for this PB-TNC connection
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
Jun 22 12:34:57 koala charon-systemd[12088]: user AR identity 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' of type X.500 DN authenticated by certificate
Jun 22 12:34:57 koala charon-systemd[12088]: machine AR identity '46.126.238.39' of type IPv4 address authenticated by unknown method
</pre>
A SWIMA IMV instance is created for this PB-TNC connection
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
</pre>
The PB-TNC connection is now initialized and goes into Handshake mode
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Handshake'
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Handshake'
</pre>
The first PB-TNC client batch is received containing two PA-TNC messages
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (321 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Init' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-Language-Preference message (31 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (230 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (52 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: setting language preference to 'en'
</pre>
The first PA-TNC message is of type *IETF / Operating System* and contains some IETF standard attributes sent by the OS IMC
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" received message for Connection ID 1 from IMC 1
Jun 22 12:34:57 koala charon-systemd[12088]: => 206 bytes @ 0x7ff810004f10
0: 01 00 00 00 6F 69 67 01 00 00 00 00 00 00 00 02 ....oig.........
16: 00 00 00 17 00 71 32 00 00 55 62 75 6E 74 75 00 .....q2..Ubuntu.
32: 00 00 00 00 00 00 04 00 00 00 1B 0C 31 36 2E 30 ............16.0
48: 34 20 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 4 x86_64........
64: 00 03 00 00 00 1C 00 00 00 10 00 00 00 04 00 00 ................
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ................
96: 00 24 03 01 00 00 32 30 31 37 2D 30 36 2D 31 39 .$....2017-06-19
112: 54 31 34 3A 31 38 3A 33 35 5A 00 00 00 00 00 00 T14:18:35Z......
128: 00 0B 00 00 00 10 00 00 00 01 00 00 00 00 00 00 ................
144: 00 0C 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 .............*..
160: 00 08 00 00 00 34 35 64 39 35 30 32 31 33 39 36 .....45d95021396
176: 64 32 34 31 35 65 35 63 35 33 63 61 32 64 65 61 d2415e5c53ca2dea
192: 36 66 62 63 31 63 32 33 38 37 63 35 36 61 6fbc1c2387c56a
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x6f696701
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
</pre>
This is the OS information contained in the PA-TNC attributes
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: operating system name is 'Ubuntu' from vendor Canonical
Jun 22 12:34:57 koala charon-systemd[12088]: operating system version is '16.04 x86_64'
Jun 22 12:34:57 koala charon-systemd[12088]: operating system numeric version is 16.4
Jun 22 12:34:57 koala charon-systemd[12088]: operational status: operational, result: successful
Jun 22 12:34:57 koala charon-systemd[12088]: last boot: Jun 19 14:18:35 UTC 2017
Jun 22 12:34:57 koala charon-systemd[12088]: IPv4 forwarding is enabled
Jun 22 12:34:57 koala charon-systemd[12088]: factory default password is disabled
Jun 22 12:34:57 koala charon-systemd[12088]: device ID is 5d95021396d2415e5c53ca2dea6fbc1c2387c56a
</pre>
The second PA-TNC message is of type *IETF / Software* and contains a PA-TNC segmentation contract request
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 28 bytes @ 0x7ff810005860
0: 01 00 00 00 19 74 B7 4E 00 00 55 97 00 00 00 21 .....t.N..U....!
16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x1974b74e
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
</pre>
This is the decoded segmentation contract request
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract request from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
</pre>
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xa41e0787
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 28 bytes @ 0x7ff810000a00
0: 01 00 00 00 A4 1E 07 87 00 00 55 97 00 00 00 22 ..........U...."
16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
</pre>
The OS IMV also sends a segmentation contract request for PA message type *IETF / Operating System*
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 requests a segmentation contract for PA message type 'IETF/Operating System' 0x000000/0x00000001
maximum attribute size of 100000000 bytes with maximum segment size of 131000 bytes
</pre>
The strongTNC policy manager assigns a session ID and issues a single SWIDT workitem
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: assigned session ID 2 to Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager start 2
Jun 22 12:34:57 koala charon-systemd[12088]: policy: imv_policy_manager start successful
Jun 22 12:34:57 koala charon-systemd[12088]: SWIDT workitem 9
</pre>
The OS IMV has not been assigned any work items by the policy manager and therefore terminates gracefully
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 has no workitems - no evaluation requested
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x916d188f
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 117 bytes @ 0x7ff810004f20
0: 01 00 00 00 91 6D 18 8F 00 00 00 00 00 00 00 09 .....m..........
16: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 0A ................
32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42 ...]...........B
48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72 IP Packet Forwar
64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69 ding. Please di
80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72 sable the forwar
96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65 ding of IP packe
112: 74 73 02 65 6E ts.en
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 provides recommendation 'allow' and evaluation 'don't know'
</pre>
The SWIMA IMV sends a segmentation contract request for PA message type *IETF / Software* as well
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 requests a segmentation contract for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
</pre>
h2. Sending IETF SW Request Attribute
The SWIMA IMV is responsible for the SWIDT workitem and issues an *IETF / SW Request* attribute
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 handles SWIDT workitem 9
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 issues sw request 9
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xeaeacdc3
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 52 bytes @ 0x7ff810005550
0: 01 00 00 00 EA EA CD C3 00 00 55 97 00 00 00 21 ..........U....!
16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00 ................
32: 00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 09 ........ .......
48: 00 00 00 00 ....
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
</pre>
The first Server DATA batch is sent to the TNC Client
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (277 bytes) for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #2 of type 'PB-TNC Batch' (293 bytes)
</pre>
h2. Receiving IETF SW Identity Inventory Attribute
A Client DATA batch has been received
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #2 of type 'PB-TNC Batch' (131072 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (131056 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (131048 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 131024 bytes @ 0x7ff820090960
0: 01 00 00 00 AC 4D 42 7A 00 00 55 97 00 00 00 22 .....MBz..U...."
16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 55 97 ..............U.
32: 00 00 00 23 00 01 FF B4 C0 00 00 01 00 00 00 00 ...#............
48: 00 00 00 12 00 02 88 84 00 00 08 01 00 00 00 09 ................
64: 3B 8A 77 A3 00 00 00 A1 00 00 0A CF 00 00 00 01 ;.w.............
80: 01 00 00 52 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Rstrongswan.o
96: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04
112: 2D 78 38 36 5F 36 34 2D 61 31 31 79 2D 70 72 6F -x86_64-a11y-pro
128: 66 69 6C 65 2D 6D 61 6E 61 67 65 72 2D 69 6E 64 file-manager-ind
144: 69 63 61 74 6F 72 2D 30 2E 31 2E 31 30 2D 30 75 icator-0.1.10-0u
160: 62 75 6E 74 75 33 00 00 00 00 0A D0 00 00 00 01 buntu3..........
176: 01 00 00 58 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Xstrongswan.o
192: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04
208: 2D 78 38 36 5F 36 34 2D 61 63 63 6F 75 6E 74 2D -x86_64-account-
224: 70 6C 75 67 69 6E 2D 66 61 63 65 62 6F 6F 6B 2D plugin-facebook-
240: 30 2E 31 32 7E 31 36 2E 30 34 2E 32 30 31 36 30 0.12~16.04.20160
256: 31 32 36 2D 30 75 62 75 6E 74 75 31 00 00 00 00 126-0ubuntu1....
272: 0A D1 00 00 00 01 01 00 00 56 73 74 72 6F 6E 67 .........Vstrong
288: 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 swan.org__Ubuntu
304: 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63 _16.04-x86_64-ac
320: 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 2D 66 6C 69 count-plugin-fli
336: 63 6B 72 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32 ckr-0.12~16.04.2
352: 30 31 36 30 31 32 36 2D 30 75 62 75 6E 74 75 31 0160126-0ubuntu1
368: 00 00 00 00 0A D2 00 00 00 01 01 00 00 56 73 74 .............Vst
384: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub
400: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
416: 34 2D 61 63 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 4-account-plugin
432: 2D 67 6F 6F 67 6C 65 2D 30 2E 31 32 7E 31 36 2E -google-0.12~16.
448: 30 34 2E 32 30 31 36 30 31 32 36 2D 30 75 62 75 04.20160126-0ubu
464: 6E 74 75 31 00 00 00 00 06 2E 00 00 00 01 01 00 ntu1............
...
130656: 00 00 00 01 01 00 00 4A 73 74 72 6F 6E 67 73 77 .......Jstrongsw
130672: 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 an.org__Ubuntu_1
130688: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 6.04-x86_64-prin
130704: 74 65 72 2D 64 72 69 76 65 72 2D 68 70 63 75 70 ter-driver-hpcup
130720: 73 2D 33 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 s-3.16.3~repack0
130736: 2D 31 00 00 00 00 0E D8 00 00 00 01 01 00 00 43 -1.............C
130752: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__
130768: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86
130784: 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 _64-printer-driv
130800: 65 72 2D 6D 69 6E 31 32 78 78 77 2D 30 2E 30 2E er-min12xxw-0.0.
130816: 39 2D 39 00 00 00 00 0E D9 00 00 00 01 01 00 00 9-9.............
130832: 4F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F Ostrongswan.org_
130848: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8
130864: 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 6_64-printer-dri
130880: 76 65 72 2D 70 6E 6D 32 70 70 61 2D 31 2E 31 33 ver-pnm2ppa-1.13
130896: 7E 6E 6F 6E 64 62 73 2D 30 75 62 75 6E 74 75 35 ~nondbs-0ubuntu5
130912: 00 00 00 00 0E DA 00 00 00 01 01 00 00 51 73 74 .............Qst
130928: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub
130944: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
130960: 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 65 72 4-printer-driver
130976: 2D 70 6F 73 74 73 63 72 69 70 74 2D 68 70 2D 33 -postscript-hp-3
130992: 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 2D 31 00 .16.3~repack0-1.
131008: 00 00 00 0E DB 00 00 00 01 01 00 00 3F 73 74 72 ............?str
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xac4d427a
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
</pre>
The SWIMA IMC accepted the segmentation contract
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract response from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
</pre>
The first 128k segment of an *IETF / Software Identifier Inventory* attribute has been received
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received first segment for base attribute ID 1 (130980 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Identifier Inventory' 0x000000/0x00000012
Jun 22 12:34:57 koala charon-systemd[12088]: 3 bytes insufficient to parse 63 bytes of data
</pre>
1646 complete software identifiers including their record ID were received in the first segment, 424 identifiers are to follow in the next segment
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 1625 items for request 9 at eid 161 of epoch 0x3b8a77a3, 424 items to follow
Jun 22 12:34:57 koala charon-systemd[12088]: 2767: strongswan.org__Ubuntu_16.04-x86_64-a11y-profile-manager-indicator-0.1.10-0ubuntu3
Jun 22 12:34:57 koala charon-systemd[12088]: 2768: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-facebook-0.12~16.04.20160126-0ubuntu1
Jun 22 12:34:57 koala charon-systemd[12088]: 2769: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-flickr-0.12~16.04.20160126-0ubuntu1
Jun 22 12:34:57 koala charon-systemd[12088]: 2770: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-google-0.12~16.04.20160126-0ubuntu1
...
Jun 22 12:34:57 koala charon-systemd[12088]: 3799: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-hpcups-3.16.3~repack0-1
Jun 22 12:34:57 koala charon-systemd[12088]: 3800: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-min12xxw-0.0.9-9
Jun 22 12:34:57 koala charon-systemd[12088]: 3801: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pnm2ppa-1.13~nondbs-0ubuntu5
Jun 22 12:34:57 koala charon-systemd[12088]: 3802: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-postscript-hp-3.16.3~repack0-1
</pre>
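The "3 bytes insufficient to parse 63 bytes of data" line above is the segment boundary cutting an inventory entry in two. The following Python code is an added example, not strongSwan code: it parses entries incrementally, keeps the partial entry for the next segment and enforces the negotiated maximum attribute size. The entry layout is an assumption read off the hex dump, the identifier used for record 3803 is a sample value of the right length, and all names are hypothetical.

```python
import struct

FIXED = 12  # record ID (4) + data model (4) + source ID (1) + reserved (1) + ID length (2)


def make_entry(record_id, identifier):
    """Encode one entry as laid out in the hex dump above (empty locator)."""
    ident = identifier.encode()
    return struct.pack(">IIBBH", record_id, 1, 1, 0, len(ident)) + ident + b"\x00\x00"


def parse_entries(buf):
    """Return (complete entries, unparsed tail) without reading past the buffer."""
    entries, off = [], 0
    while len(buf) - off >= FIXED:
        record_id, _model, _src, _rsvd, id_len = struct.unpack_from(">IIBBH", buf, off)
        id_end = off + FIXED + id_len
        if id_end + 2 > len(buf):      # identifier or locator length cut off
            break
        (loc_len,) = struct.unpack_from(">H", buf, id_end)
        end = id_end + 2 + loc_len
        if end > len(buf):             # locator cut off
            break
        entries.append((record_id, buf[off + FIXED:id_end].decode("utf-8", "replace")))
        off = end
    return entries, buf[off:]


def pending(tail):
    """(identifier bytes held, identifier bytes announced) for a partial entry."""
    if len(tail) < FIXED:
        return None
    (id_len,) = struct.unpack_from(">H", tail, FIXED - 2)
    return len(tail) - FIXED, id_len


class Reassembler:
    """Collects entries across segments, bounded by the segmentation contract."""

    def __init__(self, max_attr_size):
        self.max_attr_size = max_attr_size
        self.received = 0
        self.tail = b""
        self.entries = []

    def feed(self, segment):
        self.received += len(segment)
        if self.received > self.max_attr_size:
            raise ValueError("peer exceeded the negotiated maximum attribute size")
        done, self.tail = parse_entries(self.tail + segment)
        self.entries.extend(done)
        return len(done)

    def finish(self):
        if self.tail:
            raise ValueError(f"{len(self.tail)} unparsed bytes after last segment")
        return self.entries


PREFIX = "strongswan.org__Ubuntu_16.04-x86_64-"
ID_2767 = PREFIX + "a11y-profile-manager-indicator-0.1.10-0ubuntu3"  # from the dump
ID_3802 = PREFIX + "printer-driver-postscript-hp-3.16.3~repack0-1"   # from the dump
ID_3803 = PREFIX + "printer-driver-ptouch-1.4-1"                     # sample, 63 bytes


def demo():
    """Cut the stream after the first three identifier bytes of record 3803."""
    stream = make_entry(2767, ID_2767) + make_entry(3802, ID_3802) + make_entry(3803, ID_3803)
    cut = len(stream) - (len(ID_3803) - 3) - 2
    reassembler = Reassembler(max_attr_size=10000000)
    first = reassembler.feed(stream[:cut])
    waiting = pending(reassembler.tail)
    second = reassembler.feed(stream[cut:])
    return first, waiting, second, reassembler.finish()


if __name__ == "__main__":
    first, waiting, second, entries = demo()
    print(f"first segment: {first} entries, {waiting[0]} of {waiting[1]} bytes pending")
    print(f"second segment: {second} entries")
    for record_id, identifier in entries:
        print(f"{record_id}: {identifier}")
```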
The SWIMA IMV requests the next segment of the *IETF / Software* message
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x41ff7fe5
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Next Segment Request' 0x005597/0x00000024
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff82015ae30
0: 01 00 00 00 41 FF 7F E5 00 00 55 97 00 00 00 24 ....A.....U....$
16: 00 00 00 10 00 00 00 01 ........
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (56 bytes) for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #3 of type 'PB-TNC Batch' (72 bytes)
</pre>
The second and last segment of the *IETF / Software* message has been received
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #3 of type 'PB-TNC Batch' (35112 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (35096 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (35088 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 35064 bytes @ 0x7ff81802afa0
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xc4999100
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
Jun 22 12:34:57 koala charon-systemd[12088]: received last segment for base attribute ID 1 (35040 bytes)
</pre>
The remaining software identifiers have been received. The *IETF / Software Identifier Inventory* attribute is complete
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 424 items for request 9 at eid 161 of epoch 0x3b8a77a3, 0 items to follow
Jun 22 12:34:57 koala charon-systemd[12088]: 3803: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-ptouch-1.4-1
Jun 22 12:34:57 koala charon-systemd[12088]: 3804: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pxljr-1.4~repack0-4
Jun 22 12:34:57 koala charon-systemd[12088]: 3805: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-sag-gdi-0.1-4ubuntu1
Jun 22 12:34:57 koala charon-systemd[12088]: 3806: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-splix-2.0.0~svn315-4fakesync1
...
Jun 22 12:34:57 koala charon-systemd[12088]: 4064: strongswan.org__Ubuntu_16.04-x86_64-zenity-common-3.18.1.1-1ubuntu2
Jun 22 12:34:57 koala charon-systemd[12088]: 4065: strongswan.org__Ubuntu_16.04-x86_64-zip-3.0-11
Jun 22 12:34:57 koala charon-systemd[12088]: 2514: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-1~1.2.8.dfsg-2ubuntu4.1
Jun 22 12:34:57 koala charon-systemd[12088]: 2521: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-dev-1~1.2.8.dfsg-2ubuntu4.1
Jun 22 12:34:57 koala charon-systemd[12088]: 0: strongswan.org__strongSwan-5-5-3
</pre>
h2. Sending IETF [Targeted] SW Request Attribute
All software identifiers are sent to the strongTNC policy manager via a REST-ful interface. The policy manager checks all software identifiers in its database and finds that it does not have a SWID tag for the strongSwan-5.5.3 software
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'...
Jun 22 12:34:57 koala charon-systemd[12088]: 1 SWID tag target
Jun 22 12:34:57 koala charon-systemd[12088]: strongswan.org__strongSwan-5-5-3
</pre>
A targeted *IETF / SW Request* attribute is sent in a Server DATA batch
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x6d9f210a
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 66 bytes @ 0x7ff8180036c0
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (98 bytes) for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #4 of type 'PB-TNC Batch' (114 bytes)
</pre>
h2. Receiving IETF SW Inventory Attribute
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #4 of type 'PB-TNC Batch' (508 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (492 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:58 koala charon-systemd[12088]: processing IETF/PB-PA message (484 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:58 koala charon-systemd[12088]: => 460 bytes @ 0x7ff83c003ef0
Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC message with ID 0x9a73d463
Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Inventory' 0x000000/0x00000014
Jun 22 12:34:58 koala charon-systemd[12088]: received software inventory with 1 item for request 9 at eid 1 of epoch 0x11223344, 0 items to follow
</pre>
The XML-encoded ISO/IEC 19770-2:2015 SWID tag for the strongswan-5-5-3 software
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: <?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
tagId="strongSwan-5-5-3"
version="5.5.3" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
regid="strongswan.org"
role="softwareCreator licensor tagCreator"/>
</SoftwareIdentity>
</pre>
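The SWID tag arrives from the endpoint, so a verifier should confirm that it really answers the targeted request before storing it. The following is an added example, not strongSwan or strongTNC code: it derives the software identifier from the tag in the shape seen in this log (tag creator regid, two underscores, tagId) and compares it with the requested target. The function names and the DTD rejection rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"

# Target of the SW Request, as logged on this page.
REQUESTED = {"strongswan.org__strongSwan-5-5-3"}

# SWID tag as logged on this page (syslog prefix removed), as bytes off the wire.
SWID_TAG = b"""<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
  name="strongSwan"
  tagId="strongSwan-5-5-3"
  version="5.5.3" versionScheme="alphanumeric"
  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
  <Entity
    name="strongSwan Project"
    regid="strongswan.org"
    role="softwareCreator licensor tagCreator"/>
</SoftwareIdentity>
"""


def software_identifier(tag_xml: bytes) -> str:
    """Derive '<regid>__<tagId>' from a SWID tag received from an endpoint."""
    # A SWID tag needs no DTD; refusing one avoids entity-expansion tricks
    # in endpoint-supplied XML (assumption of this example, not strongSwan policy).
    if b"<!DOCTYPE" in tag_xml or b"<!ENTITY" in tag_xml:
        raise ValueError("DTD or entity declaration in SWID tag")
    root = ET.fromstring(tag_xml)
    if root.tag != f"{{{SWID_NS}}}SoftwareIdentity":
        raise ValueError(f"unexpected root element {root.tag!r}")
    tag_id = root.get("tagId")
    if not tag_id:
        raise ValueError("SWID tag has no tagId")
    # The Entity whose role list contains 'tagCreator' supplies the regid.
    creators = [
        entity.get("regid")
        for entity in root.findall(f"{{{SWID_NS}}}Entity")
        if "tagCreator" in (entity.get("role") or "").split()
    ]
    if len(creators) != 1 or not creators[0]:
        raise ValueError("expected exactly one tagCreator entity with a regid")
    return f"{creators[0]}__{tag_id}"


def check_targeted_response(requested: set, tags: list) -> dict:
    """Compare the tags returned by the endpoint with the requested targets."""
    returned = {software_identifier(tag) for tag in tags}
    return {
        "matched": sorted(returned & requested),
        "unsolicited": sorted(returned - requested),  # not asked for
        "missing": sorted(requested - returned),      # asked for, not delivered
    }


if __name__ == "__main__":
    print(check_targeted_response(REQUESTED, [SWID_TAG]))
```

A non-empty `unsolicited` or `missing` list means the endpoint's answer does not line up with the request and the tag should not be uploaded as the definition for the requested identifier.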
The SWID tag is uploaded to the strongTNC policy manager via the REST-ful API. Then the complete software identifier inventory is reposted
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/swid/add-tags/'...
Jun 22 12:34:58 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'...
</pre>
h2. Terminating PT-TLS Client Connection
The PT-TLS client session is terminated
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 handled SWIDT workitem 9: allow - received inventory of 2049 SWID tag IDs and 1 SWID tag
Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC message with ID 0xf63cbcf4
Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Jun 22 12:34:58 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff83c000f50
0: 01 00 00 00 F6 3C BC F4 00 00 00 00 00 00 00 09 .....<..........
16: 00 00 00 10 00 00 00 00 ........
Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 provides recommendation 'allow' and evaluation 'compliant'
Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:58 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager stop 2
Jun 22 12:34:58 koala charon-systemd[12088]: policy: recommendation for access requestor 46.126.238.39 is allow
Jun 22 12:34:58 koala charon-systemd[12088]: policy: imv_policy_manager stop successful
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Allowed'
Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Decided'
Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-TNC RESULT batch
Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Assessment-Result message
Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Access-Recommendation message
Jun 22 12:34:58 koala charon-systemd[12088]: sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #5 of type 'PB-TNC Batch' (24 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (8 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CLOSE batch for Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Decided' to 'End'
Jun 22 12:34:58 koala charon-systemd[12088]: final recommendation is 'allow' and evaluation is 'compliant'
Jun 22 12:34:58 koala charon-systemd[12088]: PT-TLS connection terminates
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" deleted the state of Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" deleted the state of Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: removed TNCCS Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: sending TLS close notify
</pre>
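The 24-byte dump in the log above is a complete PA-TNC message and is small enough to decode by hand. The following added example (not strongSwan code) parses it with the RFC 5792 layout: an 8-byte message header followed by attributes that each carry a 12-byte header. The attribute names are taken from this page's log lines; the result code table is written from RFC 5792 as an assumption of this example.

```python
import struct

# The 24 bytes of the 'IETF/Assessment Result' message, copied from the dump above.
ASSESSMENT_RESULT_MSG = bytes.fromhex(
    "01000000F63CBCF40000000000000009" "0000001000000000"
)

MSG_HEADER_LEN = 8    # version (1) + reserved (3) + message identifier (4)
ATTR_HEADER_LEN = 12  # flags (1) + vendor ID (3) + type (4) + length (4)

# (vendor ID, attribute type) pairs exactly as named in this page's log.
ATTR_NAMES = {
    (0x000000, 0x00000009): "IETF/Assessment Result",
    (0x000000, 0x00000011): "IETF/SW Request",
    (0x000000, 0x00000014): "IETF/SW Inventory",
    (0x005597, 0x00000023): "TCG/Attribute Segment Envelope",
}

# Result codes per RFC 5792 (assumption of this example; the page shows only 0).
ASSESSMENT_RESULTS = {
    0: "compliant",
    1: "non-compliant minor",
    2: "non-compliant major",
    3: "error",
    4: "insufficient attributes",
}


def parse_pa_tnc(msg: bytes):
    """Return (message_id, [attribute dicts]) or raise ValueError on bad framing."""
    if len(msg) < MSG_HEADER_LEN:
        raise ValueError("truncated PA-TNC message header")
    version = msg[0]
    (msg_id,) = struct.unpack_from(">I", msg, 4)
    if version != 1:
        raise ValueError(f"unsupported PA-TNC version {version}")
    attrs, pos = [], MSG_HEADER_LEN
    while pos < len(msg):
        remaining = len(msg) - pos
        if remaining < ATTR_HEADER_LEN:
            raise ValueError(f"truncated attribute header at offset {pos}")
        flags = msg[pos]
        vendor = int.from_bytes(msg[pos + 1:pos + 4], "big")
        attr_type, length = struct.unpack_from(">II", msg, pos + 4)
        # The length field counts the 12-byte header; it must fit in the message.
        if length < ATTR_HEADER_LEN or length > remaining:
            raise ValueError(f"bad attribute length {length} at offset {pos}")
        attrs.append({
            "flags": flags,
            "vendor": vendor,
            "type": attr_type,
            "name": ATTR_NAMES.get((vendor, attr_type), "unknown"),
            "length": length,
            "value": msg[pos + ATTR_HEADER_LEN:pos + length],
        })
        pos += length
    return msg_id, attrs


def assessment_result(attr: dict) -> str:
    """Decode the 4-byte value of an IETF/Assessment Result attribute."""
    if (attr["vendor"], attr["type"]) != (0x000000, 0x00000009):
        raise ValueError("not an IETF/Assessment Result attribute")
    if len(attr["value"]) != 4:
        raise ValueError("Assessment Result value must be 4 bytes")
    code = int.from_bytes(attr["value"], "big")
    return ASSESSMENT_RESULTS.get(code, f"unknown ({code})")


if __name__ == "__main__":
    message_id, attributes = parse_pa_tnc(ASSESSMENT_RESULT_MSG)
    print(hex(message_id), attributes[0]["name"], assessment_result(attributes[0]))
```

The decoded message ID and result match the `creating PA-TNC message with ID 0xf63cbcf4` and `evaluation 'compliant'` lines in the log.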
h2. Stopping PT-TLS Daemon
The strongSwan PT-TLS server daemon can be stopped using the following systemd command
<pre>
systemctl stop strongswan-swanctl
</pre>
<pre>
Jun 22 14:11:43 koala charon-systemd[12088]: SIGTERM received, shutting down
Jun 22 14:11:43 koala systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Jun 22 14:11:43 koala charon-systemd[12088]: sending TLS close notify
Jun 22 14:11:43 koala charon-systemd[12088]: IMV 2 "SWIMA" terminated
Jun 22 14:11:43 koala charon-systemd[12088]: IMV 1 "OS" terminated
Jun 22 14:11:43 koala charon-systemd[12088]: removed IETF attributes
Jun 22 14:11:43 koala charon-systemd[12088]: removed ITA-HSR attributes
Jun 22 14:11:43 koala charon-systemd[12088]: removed PWG attributes
Jun 22 14:11:43 koala charon-systemd[12088]: removed TCG attributes
Jun 22 14:11:43 koala charon-systemd[12088]: libimcv terminated
Jun 22 14:11:43 koala systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>
h2. Starting PT-TLS Server Daemon
The PT-TLS server based on the strongSwan systemd daemon is usually started automatically at boot time with the command
<pre>
systemctl start strongswan-swanctl
</pre>
First, all the PA-TNC attribute definitions from the IETF, TCG, ITA-HSR and PWG namespaces are loaded. The IMVs to be dynamically loaded are read from _/etc/tnc_config_.
<pre>
Jun 22 12:31:28 koala systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Jun 22 12:31:28 koala charon-systemd[12088]: TNC recommendation policy is 'default'
Jun 22 12:31:28 koala charon-systemd[12088]: loading IMVs from '/etc/tnc_config'
Jun 22 12:31:28 koala charon-systemd[12088]: added IETF attributes
Jun 22 12:31:28 koala charon-systemd[12088]: added ITA-HSR attributes
Jun 22 12:31:28 koala charon-systemd[12088]: added PWG attributes
Jun 22 12:31:28 koala charon-systemd[12088]: added TCG attributes
Jun 22 12:31:28 koala charon-systemd[12088]: libimcv initialized
</pre>
The OS IMV is loaded as a dynamic library and attached to the TNC server.
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" initialized
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imv-os.so'
</pre>
The SWIMA IMV is loaded as a dynamic library and attached to the TNC server.
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" initialized
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 supports 1 message type: 'IETF/Software' 0x000000/0x00000009
Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" loaded from '/usr/lib/ipsec/imcvs/imv-swima.so'
</pre>
The strongSwan daemon loads all required plugins and goes into multi-threading mode so that multiple PT-TLS connections can be handled
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: loaded plugins: charon-systemd charon-systemd random nonce x509 tpm openssl revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem tnc-imv tnc-pdp tnc-tnccs tnccs-20 kernel-netlink socket-default sqlite curl vici
Jun 22 12:31:28 koala charon-systemd[12088]: spawning 16 worker threads
</pre>
Multiple PT-TLS server and CA certificates are loaded into the daemon
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
</pre>
The actual loading is done by the *swanctl* command line tool which transfers the certificates to the daemon via a Unix socket.
<pre>
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/MSE2_Cert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_ECC_Cert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_RSA_Cert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/strongsecCaCert.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/MSE_CA_Cert.pem'
</pre>
The first server certificate has a matching ECDSA private key loaded from file
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: loaded ECDSA private key
</pre>
The second server certificate has a matching ECDSA key protected by a TPM 2.0
<pre>
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 via TSS2 available
Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is ECDSA with SHA256 hash
Jun 22 12:31:29 koala charon-systemd[12088]: loaded ECDSA private key from token
</pre>
The third server certificate has a matching RSA key protected by a TPM 2.0
<pre>
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 via TSS2 available
Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is RSASSA with SHA256 hash
Jun 22 12:31:29 koala charon-systemd[12088]: loaded RSA private key from token
</pre>
Again it is the *swanctl* tool which loads the private keys or determines the IDs of keys residing on smartcard or TPM devices.
<pre>
Jun 22 12:31:29 koala swanctl[12107]: loaded ecdsa key from '/etc/swanctl/ecdsa/MSE2_Key.pem'
Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_ecc from token [keyid: 8e70ca6665cd2e6c7893e407cb9a7cd6264d714f]
Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_rsa from token [keyid: ce431f647d549f759267422f4097c874e2eca547]
</pre>
The PT-TLS server is now up and ready to accept connections on the default TCP port 271.
<pre>
Jun 22 12:31:29 koala systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>
h2. Accepting PT-TLS Client Connection
A PT-TLS client connects to the PT-TLS server and does a TLS 1.2 handshake to establish a secure socket
<pre>
Jun 22 12:34:56 koala charon-systemd[12088]: accepting PT-TLS stream from 46.126.238.39
Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS negotiation phase
Jun 22 12:34:56 koala charon-systemd[12088]: negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS server certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
Jun 22 12:34:56 koala charon-systemd[12088]: received TLS peer certificate 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com'
Jun 22 12:34:56 koala charon-systemd[12088]: using certificate "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
Jun 22 12:34:56 koala charon-systemd[12088]: using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: checking certificate status of "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 25 10:00:01 2017
Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl
Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 23 10:00:01 2017
Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl
Jun 22 12:34:56 koala charon-systemd[12088]: certificate status is good
Jun 22 12:34:56 koala charon-systemd[12088]: reached self-signed root ca with a path length of 0
</pre>
The PT-TLS protocol is started, skipping SASL-based client authentication because the client already authenticated itself during the TLS handshake.
<pre>
Jun 22 12:34:56 koala charon-systemd[12088]: received PT-TLS message #0 of type 'Version Request' (20 bytes)
Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #0 of type 'Version Response' (20 bytes)
Jun 22 12:34:56 koala charon-systemd[12088]: negotiated PT-TLS version 1
Jun 22 12:34:56 koala charon-systemd[12088]: doing SASL client authentication
Jun 22 12:34:56 koala charon-systemd[12088]: skipping SASL, client already authenticated by TLS certificate
Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
</pre>
The PT-TLS protocol switches to the data transport phase and a TNCCS (PB-TNC) connection is instantiated
<pre>
Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS data transport phase
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #1 of type 'PB-TNC Batch' (337 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: assigned TNCCS Connection ID 1
</pre>
An OS IMV instance is created for this PB-TNC connection
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
Jun 22 12:34:57 koala charon-systemd[12088]: user AR identity 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' of type X.500 DN authenticated by certificate
Jun 22 12:34:57 koala charon-systemd[12088]: machine AR identity '46.126.238.39' of type IPv4 address authenticated by unknown method
</pre>
A SWIMA IMV instance is created for this PB-TNC connection
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
</pre>
The PB-TNC connection is now initialized and goes into Handshake mode
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Handshake'
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Handshake'
</pre>
The first PB-TNC client batch is received containing two PA-TNC messages
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (321 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Init' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-Language-Preference message (31 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (230 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (52 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: setting language preference to 'en'
</pre>
The first PA-TNC message is of type *IETF / Operating System* and contains some IETF standard attributes sent by the OS IMC
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" received message for Connection ID 1 from IMC 1
Jun 22 12:34:57 koala charon-systemd[12088]: => 206 bytes @ 0x7ff810004f10
0: 01 00 00 00 6F 69 67 01 00 00 00 00 00 00 00 02 ....oig.........
16: 00 00 00 17 00 71 32 00 00 55 62 75 6E 74 75 00 .....q2..Ubuntu.
32: 00 00 00 00 00 00 04 00 00 00 1B 0C 31 36 2E 30 ............16.0
48: 34 20 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 4 x86_64........
64: 00 03 00 00 00 1C 00 00 00 10 00 00 00 04 00 00 ................
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ................
96: 00 24 03 01 00 00 32 30 31 37 2D 30 36 2D 31 39 .$....2017-06-19
112: 54 31 34 3A 31 38 3A 33 35 5A 00 00 00 00 00 00 T14:18:35Z......
128: 00 0B 00 00 00 10 00 00 00 01 00 00 00 00 00 00 ................
144: 00 0C 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 .............*..
160: 00 08 00 00 00 34 35 64 39 35 30 32 31 33 39 36 .....45d95021396
176: 64 32 34 31 35 65 35 63 35 33 63 61 32 64 65 61 d2415e5c53ca2dea
192: 36 66 62 63 31 63 32 33 38 37 63 35 36 61 6fbc1c2387c56a
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x6f696701
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
</pre>
This is the OS information contained in the PA-TNC attributes
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: operating system name is 'Ubuntu' from vendor Canonical
Jun 22 12:34:57 koala charon-systemd[12088]: operating system version is '16.04 x86_64'
Jun 22 12:34:57 koala charon-systemd[12088]: operating system numeric version is 16.4
Jun 22 12:34:57 koala charon-systemd[12088]: operational status: operational, result: successful
Jun 22 12:34:57 koala charon-systemd[12088]: last boot: Jun 19 14:18:35 UTC 2017
Jun 22 12:34:57 koala charon-systemd[12088]: IPv4 forwarding is enabled
Jun 22 12:34:57 koala charon-systemd[12088]: factory default password is disabled
Jun 22 12:34:57 koala charon-systemd[12088]: device ID is 5d95021396d2415e5c53ca2dea6fbc1c2387c56a
</pre>
The second PA-TNC message is of type *IETF / Software* and contains a PA-TNC segmentation contract request
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 28 bytes @ 0x7ff810005860
0: 01 00 00 00 19 74 B7 4E 00 00 55 97 00 00 00 21 .....t.N..U....!
16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x1974b74e
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
</pre>
This is the decoded segmentation contract request
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract request from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
</pre>
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xa41e0787
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 28 bytes @ 0x7ff810000a00
0: 01 00 00 00 A4 1E 07 87 00 00 55 97 00 00 00 22 ..........U...."
16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
</pre>
The OS IMV also sends a segmentation contract request for PA message type *IETF / Operating System*
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 requests a segmentation contract for PA message type 'IETF/Operating System' 0x000000/0x00000001
maximum attribute size of 100000000 bytes with maximum segment size of 131000 bytes
</pre>
The strongTNC policy manager assigns a session ID and issues a single SWIDT workitem
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: assigned session ID 2 to Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager start 2
Jun 22 12:34:57 koala charon-systemd[12088]: policy: imv_policy_manager start successful
Jun 22 12:34:57 koala charon-systemd[12088]: SWIDT workitem 9
</pre>
The OS IMV has not been assigned any work items by the policy manager and therefore terminates gracefully
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 has no workitems - no evaluation requested
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x916d188f
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 117 bytes @ 0x7ff810004f20
0: 01 00 00 00 91 6D 18 8F 00 00 00 00 00 00 00 09 .....m..........
16: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 0A ................
32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42 ...]...........B
48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72 IP Packet Forwar
64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69 ding. Please di
80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72 sable the forwar
96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65 ding of IP packe
112: 74 73 02 65 6E ts.en
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 provides recommendation 'allow' and evaluation 'don't know'
</pre>
The SWIMA IMV sends a segmentation contract request for PA message type *IETF / Software* as well
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 requests a segmentation contract for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
</pre>
h2. Sending IETF SW Request Attribute
The SWIMA IMV is responsible for the SWIDT workitem and issues an *IETF / SW Request* attribute
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 handles SWIDT workitem 9
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 issues sw request 9
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xeaeacdc3
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 52 bytes @ 0x7ff810005550
0: 01 00 00 00 EA EA CD C3 00 00 55 97 00 00 00 21 ..........U....!
16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00 ................
32: 00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 09 ........ .......
48: 00 00 00 00 ....
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
</pre>
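The 52-byte PA-TNC message dumped above can be decoded with a short, bounds-checked parser. This is an added example, not code from the wiki page or from strongSwan: the header layout follows RFC 5792, the SW Request fields follow RFC 8412, the meaning of the two 32-bit values in the TCG attribute is taken from the log's own decoded output, and all function names are illustrative.

```python
import struct

# Bytes copied from the page's 52-byte dump of PA-TNC message 0xeaeacdc3.
MSG = bytes.fromhex("".join("""
01 00 00 00 EA EA CD C3 00 00 55 97 00 00 00 21
00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00
00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 09
00 00 00 00
""".split()))

ATTR_HDR_LEN = 12  # flags(1) + vendor ID(3) + type(4) + length(4)
TCG_MAX_ATTR_SIZE_REQ = (0x005597, 0x21)  # vendor/type pairs as printed in the log
IETF_SW_REQUEST = (0x000000, 0x11)


class ParseError(ValueError):
    """Raised when a length or count field does not fit the received buffer."""


def parse_pa_tnc(msg):
    """Return (message_id, [(flags, vendor, type, value), ...])."""
    if len(msg) < 8:
        raise ParseError("short PA-TNC header")
    if msg[0] != 1:
        raise ParseError("unsupported PA-TNC version %d" % msg[0])
    (msg_id,) = struct.unpack_from(">I", msg, 4)
    attrs, off = [], 8
    while off < len(msg):
        if len(msg) - off < ATTR_HDR_LEN:
            raise ParseError("truncated attribute header at offset %d" % off)
        word, attr_type, length = struct.unpack_from(">III", msg, off)
        # The length field includes the header and must stay inside the message.
        if length < ATTR_HDR_LEN or length > len(msg) - off:
            raise ParseError("bad attribute length %d at offset %d" % (length, off))
        attrs.append((word >> 24, word & 0xFFFFFF, attr_type,
                      msg[off + ATTR_HDR_LEN:off + length]))
        off += length
    return msg_id, attrs


def decode_max_attr_size(value):
    """Segmentation contract: maximum attribute size and maximum segment size."""
    if len(value) != 8:
        raise ParseError("Max Attribute Size Request must carry 8 bytes")
    max_attr, max_seg = struct.unpack(">II", value)
    return {"max_attribute_size": max_attr, "max_segment_size": max_seg}


def decode_sw_request(value):
    """SW Request: flags, identifier count, request ID, earliest EID, targets."""
    if len(value) < 12:
        raise ParseError("short SW Request")
    word, request_id, earliest_eid = struct.unpack_from(">III", value, 0)
    flags, count = word >> 24, word & 0xFFFFFF
    targets, off = [], 12
    for _ in range(count):
        # Each target is a 16-bit length followed by the software identifier.
        if len(value) - off < 2:
            raise ParseError("identifier count exceeds attribute data")
        (n,) = struct.unpack_from(">H", value, off)
        off += 2
        if len(value) - off < n:
            raise ParseError("identifier length %d exceeds attribute data" % n)
        targets.append(value[off:off + n].decode("utf-8", "replace"))
        off += n
    if off != len(value):
        raise ParseError("trailing bytes after SW Request")
    return {
        "clear_subscriptions": bool(flags & 0x80),      # C flag
        "subscribe": bool(flags & 0x40),                # S flag
        "result_identifiers_only": bool(flags & 0x20),  # R flag
        "request_id": request_id,
        "earliest_eid": earliest_eid,
        "targets": targets,
    }


def decode_message(msg):
    """Decode the attribute types that appear in the dump; keep others raw."""
    msg_id, attrs = parse_pa_tnc(msg)
    decoded = []
    for _flags, vendor, attr_type, value in attrs:
        if (vendor, attr_type) == TCG_MAX_ATTR_SIZE_REQ:
            decoded.append(("TCG/Max Attribute Size Request", decode_max_attr_size(value)))
        elif (vendor, attr_type) == IETF_SW_REQUEST:
            decoded.append(("IETF/SW Request", decode_sw_request(value)))
        else:
            decoded.append(("0x%06x/0x%08x" % (vendor, attr_type), value))
    return msg_id, decoded


if __name__ == "__main__":
    message_id, attributes = decode_message(MSG)
    print("PA-TNC message ID 0x%08x" % message_id)
    for name, fields in attributes:
        print(name, fields)
```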
The first Server DATA batch is sent to the TNC Client
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (277 bytes) for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #2 of type 'PB-TNC Batch' (293 bytes)
</pre>
h2. Receiving IETF SW Identity Inventory Attribute
A Client DATA batch has been received
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #2 of type 'PB-TNC Batch' (131072 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (131056 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (131048 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 131024 bytes @ 0x7ff820090960
0: 01 00 00 00 AC 4D 42 7A 00 00 55 97 00 00 00 22 .....MBz..U...."
16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 55 97 ..............U.
32: 00 00 00 23 00 01 FF B4 C0 00 00 01 00 00 00 00 ...#............
48: 00 00 00 12 00 02 88 84 00 00 08 01 00 00 00 09 ................
64: 3B 8A 77 A3 00 00 00 A1 00 00 0A CF 00 00 00 01 ;.w.............
80: 01 00 00 52 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Rstrongswan.o
96: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04
112: 2D 78 38 36 5F 36 34 2D 61 31 31 79 2D 70 72 6F -x86_64-a11y-pro
128: 66 69 6C 65 2D 6D 61 6E 61 67 65 72 2D 69 6E 64 file-manager-ind
144: 69 63 61 74 6F 72 2D 30 2E 31 2E 31 30 2D 30 75 icator-0.1.10-0u
160: 62 75 6E 74 75 33 00 00 00 00 0A D0 00 00 00 01 buntu3..........
176: 01 00 00 58 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Xstrongswan.o
192: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04
208: 2D 78 38 36 5F 36 34 2D 61 63 63 6F 75 6E 74 2D -x86_64-account-
224: 70 6C 75 67 69 6E 2D 66 61 63 65 62 6F 6F 6B 2D plugin-facebook-
240: 30 2E 31 32 7E 31 36 2E 30 34 2E 32 30 31 36 30 0.12~16.04.20160
256: 31 32 36 2D 30 75 62 75 6E 74 75 31 00 00 00 00 126-0ubuntu1....
272: 0A D1 00 00 00 01 01 00 00 56 73 74 72 6F 6E 67 .........Vstrong
288: 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 swan.org__Ubuntu
304: 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63 _16.04-x86_64-ac
320: 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 2D 66 6C 69 count-plugin-fli
336: 63 6B 72 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32 ckr-0.12~16.04.2
352: 30 31 36 30 31 32 36 2D 30 75 62 75 6E 74 75 31 0160126-0ubuntu1
368: 00 00 00 00 0A D2 00 00 00 01 01 00 00 56 73 74 .............Vst
384: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub
400: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
416: 34 2D 61 63 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 4-account-plugin
432: 2D 67 6F 6F 67 6C 65 2D 30 2E 31 32 7E 31 36 2E -google-0.12~16.
448: 30 34 2E 32 30 31 36 30 31 32 36 2D 30 75 62 75 04.20160126-0ubu
464: 6E 74 75 31 00 00 00 00 06 2E 00 00 00 01 01 00 ntu1............
...
130656: 00 00 00 01 01 00 00 4A 73 74 72 6F 6E 67 73 77 .......Jstrongsw
130672: 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 an.org__Ubuntu_1
130688: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 6.04-x86_64-prin
130704: 74 65 72 2D 64 72 69 76 65 72 2D 68 70 63 75 70 ter-driver-hpcup
130720: 73 2D 33 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 s-3.16.3~repack0
130736: 2D 31 00 00 00 00 0E D8 00 00 00 01 01 00 00 43 -1.............C
130752: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__
130768: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86
130784: 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 _64-printer-driv
130800: 65 72 2D 6D 69 6E 31 32 78 78 77 2D 30 2E 30 2E er-min12xxw-0.0.
130816: 39 2D 39 00 00 00 00 0E D9 00 00 00 01 01 00 00 9-9.............
130832: 4F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F Ostrongswan.org_
130848: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8
130864: 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 6_64-printer-dri
130880: 76 65 72 2D 70 6E 6D 32 70 70 61 2D 31 2E 31 33 ver-pnm2ppa-1.13
130896: 7E 6E 6F 6E 64 62 73 2D 30 75 62 75 6E 74 75 35 ~nondbs-0ubuntu5
130912: 00 00 00 00 0E DA 00 00 00 01 01 00 00 51 73 74 .............Qst
130928: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub
130944: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6
130960: 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 65 72 4-printer-driver
130976: 2D 70 6F 73 74 73 63 72 69 70 74 2D 68 70 2D 33 -postscript-hp-3
130992: 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 2D 31 00 .16.3~repack0-1.
131008: 00 00 00 0E DB 00 00 00 01 01 00 00 3F 73 74 72 ............?str
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xac4d427a
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
</pre>
The SWIMA IMC accepted the segmentation contract
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract response from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
</pre>
The first 128k segment of the *IETF / Software Identifier Inventory* attribute has been received
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received first segment for base attribute ID 1 (130980 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Identifier Inventory' 0x000000/0x00000012
Jun 22 12:34:57 koala charon-systemd[12088]: 3 bytes insufficient to parse 63 bytes of data
</pre>
1646 complete software identifiers including their record ID were received in the first segment, 424 identifiers are to follow
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 1625 items for request 9 at eid 161 of epoch 0x3b8a77a3, 424 items to follow
Jun 22 12:34:57 koala charon-systemd[12088]: 2767: strongswan.org__Ubuntu_16.04-x86_64-a11y-profile-manager-indicator-0.1.10-0ubuntu3
Jun 22 12:34:57 koala charon-systemd[12088]: 2768: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-facebook-0.12~16.04.20160126-0ubuntu1
Jun 22 12:34:57 koala charon-systemd[12088]: 2769: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-flickr-0.12~16.04.20160126-0ubuntu1
Jun 22 12:34:57 koala charon-systemd[12088]: 2770: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-google-0.12~16.04.20160126-0ubuntu1
...
Jun 22 12:34:57 koala charon-systemd[12088]: 3799: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-hpcups-3.16.3~repack0-1
Jun 22 12:34:57 koala charon-systemd[12088]: 3800: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-min12xxw-0.0.9-9
Jun 22 12:34:57 koala charon-systemd[12088]: 3801: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pnm2ppa-1.13~nondbs-0ubuntu5
Jun 22 12:34:57 koala charon-systemd[12088]: 3802: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-postscript-hp-3.16.3~repack0-1
</pre>
The SWIMA IMV requests the next segment of the *IETF / Software* message
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x41ff7fe5
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Next Segment Request' 0x005597/0x00000024
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff82015ae30
0: 01 00 00 00 41 FF 7F E5 00 00 55 97 00 00 00 24 ....A.....U....$
16: 00 00 00 10 00 00 00 01 ........
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (56 bytes) for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #3 of type 'PB-TNC Batch' (72 bytes)
</pre>
The second and last segment of the *IETF / Software* message has been received
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #3 of type 'PB-TNC Batch' (35112 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (35096 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (35088 bytes)
Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:57 koala charon-systemd[12088]: => 35064 bytes @ 0x7ff81802afa0
0: 01 00 00 00 C4 99 91 00 00 00 55 97 00 00 00 23 ..........U....#
16: 00 00 88 F0 00 00 00 01 6F 6E 67 73 77 61 6E 2E ........ongswan.
32: 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 org__Ubuntu_16.0
48: 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 74 65 72 4-x86_64-printer
64: 2D 64 72 69 76 65 72 2D 70 74 6F 75 63 68 2D 31 -driver-ptouch-1
80: 2E 34 2D 31 00 00 00 00 0E DC 00 00 00 01 01 00 .4-1............
96: 00 46 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 .Fstrongswan.org
112: 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 __Ubuntu_16.04-x
128: 38 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 86_64-printer-dr
144: 69 76 65 72 2D 70 78 6C 6A 72 2D 31 2E 34 7E 72 iver-pxljr-1.4~r
160: 65 70 61 63 6B 30 2D 34 00 00 00 00 0E DD 00 00 epack0-4........
176: 00 01 01 00 00 47 73 74 72 6F 6E 67 73 77 61 6E .....Gstrongswan
192: 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E .org__Ubuntu_16.
208: 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 74 65 04-x86_64-printe
224: 72 2D 64 72 69 76 65 72 2D 73 61 67 2D 67 64 69 r-driver-sag-gdi
240: 2D 30 2E 31 2D 34 75 62 75 6E 74 75 31 00 00 00 -0.1-4ubuntu1...
256: 00 0E DE 00 00 00 01 01 00 00 50 73 74 72 6F 6E ..........Pstron
272: 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 gswan.org__Ubunt
288: 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 u_16.04-x86_64-p
304: 72 69 6E 74 65 72 2D 64 72 69 76 65 72 2D 73 70 rinter-driver-sp
320: 6C 69 78 2D 32 2E 30 2E 30 7E 73 76 6E 33 31 35 lix-2.0.0~svn315
336: 2D 34 66 61 6B 65 73 79 6E 63 31 00 00 00 00 06 -4fakesync1.....
...
34688: 75 32 00 00 00 00 0F E0 00 00 00 01 01 00 00 43 u2.............C
34704: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__
34720: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86
34736: 5F 36 34 2D 7A 65 6E 69 74 79 2D 63 6F 6D 6D 6F _64-zenity-commo
34752: 6E 2D 33 2E 31 38 2E 31 2E 31 2D 31 75 62 75 6E n-3.18.1.1-1ubun
34768: 74 75 32 00 00 00 00 0F E1 00 00 00 01 01 00 00 tu2.............
34784: 2E 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F .strongswan.org_
34800: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8
34816: 36 5F 36 34 2D 7A 69 70 2D 33 2E 30 2D 31 31 00 6_64-zip-3.0-11.
34832: 00 00 00 09 D2 00 00 00 01 01 00 00 42 73 74 72 ............Bstr
34848: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 ongswan.org__Ubu
34864: 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 ntu_16.04-x86_64
34880: 2D 7A 6C 69 62 31 67 2D 31 7E 31 2E 32 2E 38 2E -zlib1g-1~1.2.8.
34896: 64 66 73 67 2D 32 75 62 75 6E 74 75 34 2E 31 00 dfsg-2ubuntu4.1.
34912: 00 00 00 09 D9 00 00 00 01 01 00 00 46 73 74 72 ............Fstr
34928: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 ongswan.org__Ubu
34944: 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 ntu_16.04-x86_64
34960: 2D 7A 6C 69 62 31 67 2D 64 65 76 2D 31 7E 31 2E -zlib1g-dev-1~1.
34976: 32 2E 38 2E 64 66 73 67 2D 32 75 62 75 6E 74 75 2.8.dfsg-2ubuntu
34992: 34 2E 31 00 00 00 00 00 00 00 00 00 01 02 00 00 4.1.............
35008: 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  strongswan.org_
35024: 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D _strongSwan-5-5-
35040: 33 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74 3../usr/share/st
35056: 72 6F 6E 67 73 77 61 6E rongswan
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xc4999100
Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
Jun 22 12:34:57 koala charon-systemd[12088]: received last segment for base attribute ID 1 (35040 bytes)
</pre>
The remaining software identifiers have been received. The *IETF / Software Identifier Inventory* attribute is complete
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 424 items for request 9 at eid 161 of epoch 0x3b8a77a3, 0 items to follow
Jun 22 12:34:57 koala charon-systemd[12088]: 3803: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-ptouch-1.4-1
Jun 22 12:34:57 koala charon-systemd[12088]: 3804: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pxljr-1.4~repack0-4
Jun 22 12:34:57 koala charon-systemd[12088]: 3805: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-sag-gdi-0.1-4ubuntu1
Jun 22 12:34:57 koala charon-systemd[12088]: 3806: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-splix-2.0.0~svn315-4fakesync1
...
Jun 22 12:34:57 koala charon-systemd[12088]: 4064: strongswan.org__Ubuntu_16.04-x86_64-zenity-common-3.18.1.1-1ubuntu2
Jun 22 12:34:57 koala charon-systemd[12088]: 4065: strongswan.org__Ubuntu_16.04-x86_64-zip-3.0-11
Jun 22 12:34:57 koala charon-systemd[12088]: 2514: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-1~1.2.8.dfsg-2ubuntu4.1
Jun 22 12:34:57 koala charon-systemd[12088]: 2521: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-dev-1~1.2.8.dfsg-2ubuntu4.1
Jun 22 12:34:57 koala charon-systemd[12088]: 0: strongswan.org__strongSwan-5-5-3
</pre>
h2. Sending IETF [Targeted] SW Request Attribute
All software identifiers are sent to the strongTNC policy manager via a REST-ful interface. The policy manager checks all software identifiers in its database and finds that it does not have a SWID tag for the strongSwan-5.5.3 software
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'...
Jun 22 12:34:57 koala charon-systemd[12088]: 1 SWID tag target
Jun 22 12:34:57 koala charon-systemd[12088]: strongswan.org__strongSwan-5-5-3
</pre>
A targeted *IETF / SW Request* attribute is sent in Server DATA batch
<pre>
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x6d9f210a
Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 66 bytes @ 0x7ff8180036c0
0: 01 00 00 00 6D 9F 21 0A 00 00 00 00 00 00 00 11 ....m.!.........
16: 00 00 00 3A 00 00 00 01 00 00 00 09 00 00 00 00 ...:............
32: 00 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 . strongswan.org
720: 38 36 5F 36 34 2D 6C 69 62 71 74 35 77 69 64 67 86_64-libqt5widg
736: 65 74 73 35 2D 35 2E 35 2E 31 7E 64 66 73 67 2D ets5-5.5.1~dfsg-
752: 31 36 75 62 75 6E 74 75 37 2E 35 00 44 73 74 72 16ubuntu7.5.Dstr
768: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 55 62 75 6E ongswan.org_Ubun
784: 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D tu_16.04-x86_64-
800: 6C 69 62 71 74 35 78 6D 6C 35 2D 35 2E 35 2E 31 libqt5xml5-5.5.1
816: 7E 64 66 73 67 2D 31 36 75 62 75 6E 74 75 37 2E ~dfsg-16ubuntu7.
832: 35 00 1F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 5..strongswan.or
848: 67 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 __strongSwan-5-5
64: g_strongSwan-5-5
864: 2D 33 -3
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (98 bytes) for Connection ID 1
Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #4 of type 'PB-TNC Batch' (114 bytes)
</pre>
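Added example (not part of the original page and not strongSwan code): a bounds-checked Python decoder for the 66-byte PA-TNC message logged above, following the PA-TNC header layout of RFC 5792 and the SW Request layout of RFC 8412, which the dump matches. The names @parse_pa_tnc@, @parse_sw_request@ and @ParseError@ are hypothetical, and @MSG@ is transcribed from the hex dump.

```python
import struct

# Constructed from the 66-byte hex dump in the log above.
MSG = bytes.fromhex(
    "01000000 6D9F210A 00000000 00000011 0000003A 00000001 00000009 00000000"
    "0020 7374726F6E677377616E2E6F7267 5F5F7374726F6E675377616E2D352D35 2D33")

class ParseError(ValueError):
    """Raised when a length field points outside the received buffer."""

def parse_pa_tnc(msg):
    """Split a PA-TNC message into (message_id, [(vendor, type, value)])."""
    if len(msg) < 8 or msg[0] != 1:          # version 1 + 3 reserved bytes
        raise ParseError("bad PA-TNC header")
    (msg_id,) = struct.unpack_from(">I", msg, 4)
    attrs, off = [], 8
    while off < len(msg):
        if len(msg) - off < 12:
            raise ParseError("truncated attribute header")
        flags_vendor, attr_type, length = struct.unpack_from(">III", msg, off)
        # The length field counts the 12-byte attribute header itself.
        if length < 12 or off + length > len(msg):
            raise ParseError("attribute length out of bounds")
        attrs.append((flags_vendor & 0xFFFFFF, attr_type,
                      msg[off + 12:off + length]))
        off += length
    return msg_id, attrs

def parse_sw_request(value):
    """Decode the value of an IETF/SW Request attribute (type 0x11)."""
    if len(value) < 12:
        raise ParseError("short SW Request")
    flags_count, request_id, earliest_eid = struct.unpack_from(">III", value)
    flags, count = flags_count >> 24, flags_count & 0xFFFFFF
    ids, off = [], 12
    for _ in range(count):                   # 2-byte length + identifier
        if len(value) - off < 2:
            raise ParseError("missing identifier length")
        (n,) = struct.unpack_from(">H", value, off)
        if off + 2 + n > len(value):
            raise ParseError("identifier overruns attribute")
        ids.append(value[off + 2:off + 2 + n].decode("utf-8"))
        off += 2 + n
    if off != len(value):
        raise ParseError("trailing bytes after last identifier")
    return {"clear_subscription": bool(flags & 0x80),   # C, S, R flag bits
            "subscribe": bool(flags & 0x40),
            "identifiers_only": bool(flags & 0x20),
            "request_id": request_id, "earliest_eid": earliest_eid,
            "identifiers": ids}
```

Decoding @MSG@ gives request ID 9, earliest EID 0 and the single targeted identifier @strongswan.org__strongSwan-5-5-3@, which matches the "request 9" reported when the inventory comes back.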
h2. Receiving IETF SW Inventory Attribute
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #4 of type 'PB-TNC Batch' (508 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (492 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
Jun 22 12:34:58 koala charon-systemd[12088]: processing IETF/PB-PA message (484 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
Jun 22 12:34:58 koala charon-systemd[12088]: => 460 bytes @ 0x7ff83c003ef0
Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC message with ID 0x9a73d463
Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Inventory' 0x000000/0x00000014
Jun 22 12:34:58 koala charon-systemd[12088]: received software inventory with 1 item for request 9 at eid 1 of epoch 0x11223344, 0 items to follow
</pre>
The XML-encoded ISO/IEC 19770-2:2015 SWID tag for the strongSwan-5-5-3 software
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: <?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
tagId="strongSwan-5-5-3"
version="5.5.3" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
regid="strongswan.org"
role="softwareCreator licensor tagCreator"/>
</SoftwareIdentity>
</pre>
The SWID tag is uploaded to the strongTNC policy manager via the RESTful API. Then the complete software identifier inventory is reposted.
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/swid/add-tags/'...
Jun 22 12:34:58 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'...
</pre>
h2. Terminating PT-TLS Client Connection
The PT-TLS client session is terminated
<pre>
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 handled SWIDT workitem 9: allow - received inventory of 2049 SWID tag IDs and 1 SWID tag
Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC message with ID 0xf63cbcf4
Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Jun 22 12:34:58 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff83c000f50
0: 01 00 00 00 F6 3C BC F4 00 00 00 00 00 00 00 09 .....<..........
16: 00 00 00 10 00 00 00 00 ........
Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 provides recommendation 'allow' and evaluation 'compliant'
Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling outbound connection
Jun 22 12:34:58 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager stop 2
Jun 22 12:34:58 koala charon-systemd[12088]: policy: recommendation for access requestor 46.126.238.39 is allow
Jun 22 12:34:58 koala charon-systemd[12088]: policy: imv_policy_manager stop successful
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Allowed'
Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Decided'
Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-TNC RESULT batch
Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-PA message
Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Assessment-Result message
Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Access-Recommendation message
Jun 22 12:34:58 koala charon-systemd[12088]: sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #5 of type 'PB-TNC Batch' (24 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (8 bytes)
Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection
Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CLOSE batch for Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Decided' to 'End'
Jun 22 12:34:58 koala charon-systemd[12088]: final recommendation is 'allow' and evaluation is 'compliant'
Jun 22 12:34:58 koala charon-systemd[12088]: PT-TLS connection terminates
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" deleted the state of Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" deleted the state of Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: removed TNCCS Connection ID 1
Jun 22 12:34:58 koala charon-systemd[12088]: sending TLS close notify
</pre>
h2. Stopping PT-TLS Daemon
The strongSwan PT-TLS server daemon can be stopped using the following systemd command
<pre>
systemctl stop strongswan-swanctl
</pre>
<pre>
Jun 22 14:11:43 koala charon-systemd[12088]: SIGTERM received, shutting down
Jun 22 14:11:43 koala systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Jun 22 14:11:43 koala charon-systemd[12088]: sending TLS close notify
Jun 22 14:11:43 koala charon-systemd[12088]: IMV 2 "SWIMA" terminated
Jun 22 14:11:43 koala charon-systemd[12088]: IMV 1 "OS" terminated
Jun 22 14:11:43 koala charon-systemd[12088]: removed IETF attributes
Jun 22 14:11:43 koala charon-systemd[12088]: removed ITA-HSR attributes
Jun 22 14:11:43 koala charon-systemd[12088]: removed PWG attributes
Jun 22 14:11:43 koala charon-systemd[12088]: removed TCG attributes
Jun 22 14:11:43 koala charon-systemd[12088]: libimcv terminated
Jun 22 14:11:43 koala systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
</pre>