Version 25 - History - Software Inventory Message and Attributes for PA-TNC (SWIMA) - strongSwan

Software Inventory Message and Attributes for PA-TNC (SWIMA) » History » Version 25

Andreas Steffen, 22.06.2017 15:47

-Andreas Steffen
+h1. Software Inventory Message and Attributes for PA-TNC (SWIMA)
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+h2. Starting PT-TLS Server Daemon
 Andreas Steffen
-Andreas Steffen
+The PT-TLS server based on the strongSwan systemd daemon is usually started automatically at boot time with the command
-Andreas Steffen
+<pre>
-Andreas Steffen
+systemctl start strongswan-swanctl
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+First all the PA-TNC attribute definitions from the IETF, TCG, ITA-HSR and PWG namespaces are loaded. The IMVs to by dynamically loaded are read from _/etc/tnc_config_.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: TNC recommendation policy is 'default'
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loading IMVs from '/etc/tnc_config'
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: added IETF attributes
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: added ITA-HSR attributes
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: added PWG attributes
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: added TCG attributes
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: libimcv initialized
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The OS IMV is loaded as a dynamic library and attached to the TNC server.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" initialized
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imv-os.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The SWIMA IMV is loaded as a dynamic library and attached to the TNC server.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" initialized
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 supports 1 message type: 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" loaded from '/usr/lib/ipsec/imcvs/imv-swima.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The strongSwan daemon loads all required plugins and goes into multi-threading mode so that multiple PT-TLS connections can be handled
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded plugins: charon-systemd charon-systemd random nonce x509 tpm openssl revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem tnc-imv tnc-pdp tnc-tnccs tnccs-20 kernel-netlink socket-default sqlite curl vici
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: spawning 16 worker threads
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Multiple PT-TLS server and CA certificates are loaded into the daemon
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com'
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The actual loading is done by the *swanctl* command line tool which transfers the certificates to the daemon via a Unix socket.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/MSE2_Cert.pem'
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_ECC_Cert.pem'
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_RSA_Cert.pem'
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/strongsecCaCert.pem'
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/MSE_CA_Cert.pem'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first server certificate has a matching ECDSA private key loaded from file
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: loaded ECDSA private key
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The second server certificate has a matching ECDSA key protected by a TPM 2.0
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
-Andreas Steffen
+Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 via TSS2 available
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is ECDSA with SHA256 hash
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: loaded ECDSA private key from token
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The third server certificate has a matching RSA key protected by a TPM 2.0
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 via TSS2 available
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is RSASSA with SHA256 hash
-Andreas Steffen
+Jun 22 12:31:29 koala charon-systemd[12088]: loaded RSA private key from token
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Again it is the *swanctl* tool which loads the private keys or determines the IDs of keys residing on smartcard or TPM devices.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded ecdsa key from '/etc/swanctl/ecdsa/MSE2_Key.pem'
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_ecc from token [keyid: 8e70ca6665cd2e6c7893e407cb9a7cd6264d714f]
-Andreas Steffen
+Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_rsa from token [keyid: ce431f647d549f759267422f4097c874e2eca547]
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PT-TLS server is now up and ready to accept connections on the default TCP port 271.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:31:29 koala systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Accepting PT-TLS Client Connection
 Andreas Steffen
-Andreas Steffen
+A PT-TLS client connects to the PT-TLS server and does a TLS 1.2 handshake to establish a secure socket
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: accepting PT-TLS stream from 46.126.238.39
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS negotiation phase
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS server certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org'
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA'
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: received TLS peer certificate 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com'
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   using certificate "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: checking certificate status of "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   crl is valid: until Jun 25 10:00:01 2017
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   using cached crl
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   crl is valid: until Jun 23 10:00:01 2017
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   using cached crl
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: certificate status is good
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]:   reached self-signed root ca with a path length of 0
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PT-TLS protocol is started skipping SASL-based client authentication because the client already authenticated itself during the TLS handshake.
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: received PT-TLS message #0 of type 'Version Request' (20 bytes)
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #0 of type 'Version Response' (20 bytes)
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: negotiated PT-TLS version 1
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: doing SASL client authentication
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: skipping SASL, client already authenticated by TLS certificate
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PT-TLS protocol switches to the data transport phase and a TNCCS (PB-TNC) connection is instantiated
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS data transport phase
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #1 of type 'PB-TNC Batch' (337 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: assigned TNCCS Connection ID 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+An OS IMV instance is created for this PB-TNC connection
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   user AR identity 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' of type X.500 DN authenticated by certificate
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   machine AR identity '46.126.238.39' of type IPv4 address authenticated by unknown method
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+A SWIMA IMV instance is created for this PB-TNC connection
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The PB-TNC connection is now initialized and goes into Handshake mode
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first PB-TNC client batch is received containing two PA-TNC messages
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (321 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Init' to 'Server Working'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-Language-Preference message (31 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (230 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (52 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: setting language preference to 'en'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first PA-TNC message is of type *IETF / Operating System* and contains some IETF standard attributes sent by the OS IMC
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" received message for Connection ID 1 from IMC 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: => 206 bytes @ 0x7ff810004f10
-Andreas Steffen
+: 01 00 00 00 6F 69 67 01 00 00 00 00 00 00 00 02  ....oig.........
-Andreas Steffen
+: 00 00 00 17 00 71 32 00 00 55 62 75 6E 74 75 00  .....q2..Ubuntu.
-Andreas Steffen
+: 00 00 00 00 00 00 04 00 00 00 1B 0C 31 36 2E 30  ............16.0
-Andreas Steffen
+: 34 20 78 38 36 5F 36 34 00 00 00 00 00 00 00 00  4 x86_64........
-Andreas Steffen
+: 00 03 00 00 00 1C 00 00 00 10 00 00 00 04 00 00  ................
-Andreas Steffen
+: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00  ................
-Andreas Steffen
+: 00 24 03 01 00 00 32 30 31 37 2D 30 36 2D 31 39  .$....2017-06-19
-Andreas Steffen
+: 54 31 34 3A 31 38 3A 33 35 5A 00 00 00 00 00 00  T14:18:35Z......
-Andreas Steffen
+: 00 0B 00 00 00 10 00 00 00 01 00 00 00 00 00 00  ................
-Andreas Steffen
+: 00 0C 00 00 00 10 00 00 00 00 00 00 90 2A 00 00  .............*..
-Andreas Steffen
+: 00 08 00 00 00 34 35 64 39 35 30 32 31 33 39 36  .....45d95021396
-Andreas Steffen
+: 64 32 34 31 35 65 35 63 35 33 63 61 32 64 65 61  d2415e5c53ca2dea
-Andreas Steffen
+: 36 66 62 63 31 63 32 33 38 37 63 35 36 61        6fbc1c2387c56a
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x6f696701
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+This is the OS information contained in the PA-TNC attributes
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: operating system name is 'Ubuntu' from vendor Canonical
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: operating system version is '16.04 x86_64'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: operating system numeric version is 16.4
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: operational status: operational, result: successful
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: last boot: Jun 19 14:18:35 UTC 2017
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IPv4 forwarding is enabled
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: factory default password is disabled
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: device ID is 5d95021396d2415e5c53ca2dea6fbc1c2387c56a
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The second PA-TNC message is of type *IETF / Software* and contains a PA-TNC segmentation contract request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: => 28 bytes @ 0x7ff810005860
-Andreas Steffen
+: 01 00 00 00 19 74 B7 4E 00 00 55 97 00 00 00 21  .....t.N..U....!
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8              ............
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x1974b74e
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+This is the decoded segmentation contract request
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract request from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+                                               maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xa41e0787
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 28 bytes @ 0x7ff810000a00
-Andreas Steffen
+: 01 00 00 00 A4 1E 07 87 00 00 55 97 00 00 00 22  ..........U...."
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8              ............
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The OS IMV also sends a segmentation contract request for PA message type *IETF / Operating System*
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 requests a segmentation contract for PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+                                               maximum attribute size of 100000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The strongTNC policy manager assigns a session ID and issues a single SWIDT workitem
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: assigned session ID 2 to Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager start 2
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: policy: imv_policy_manager start successful
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: SWIDT workitem 9
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The OS IMV has not been assigned any work items by the policy manager and therefore terminates gracefully
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 has no workitems - no evaluation requested
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x916d188f
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 117 bytes @ 0x7ff810004f20
-Andreas Steffen
+: 01 00 00 00 91 6D 18 8F 00 00 00 00 00 00 00 09  .....m..........
-Andreas Steffen
+: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 0A  ................
-Andreas Steffen
+: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42  ...]...........B
-Andreas Steffen
+: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72  IP Packet Forwar
-Andreas Steffen
+: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69  ding.  Please di
-Andreas Steffen
+: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72  sable the forwar
-Andreas Steffen
+: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65  ding of IP packe
-Andreas Steffen
+: 74 73 02 65 6E                                   ts.en
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 provides recommendation 'allow' and evaluation 'don't know'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The SWIMA IMV sends a segmentation contract request for PA message type *IETF / Software* as well
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 requests a segmentation contract for PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+                                               maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Sending IETF SW Request Attribute
 Andreas Steffen
-Andreas Steffen
+The SWIMA IMV is responsible for the SWIDT workitem and issues an *IETF / SW Request* attribute
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 handles SWIDT workitem 9
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 issues sw request 9
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xeaeacdc3
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 52 bytes @ 0x7ff810005550
-Andreas Steffen
+: 01 00 00 00 EA EA CD C3 00 00 55 97 00 00 00 21  ..........U....!
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00  ................
-Andreas Steffen
+: 00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 09  ........ .......
-Andreas Steffen
+: 00 00 00 00                                      ....
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first Server DATA batch is sent to the TNC Client
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (277 bytes) for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #2 of type 'PB-TNC Batch' (293 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Receiving IETF SW Identity Inventory Attribute
 Andreas Steffen
-Andreas Steffen
+A Client DATA batch has been received
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #2 of type 'PB-TNC Batch' (131072 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (131056 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (131048 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: => 131024 bytes @ 0x7ff820090960
-Andreas Steffen
+: 01 00 00 00 AC 4D 42 7A 00 00 55 97 00 00 00 22  .....MBz..U...."
-Andreas Steffen
+: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 55 97  ..............U.
-Andreas Steffen
+: 00 00 00 23 00 01 FF B4 C0 00 00 01 00 00 00 00  ...#............
-Andreas Steffen
+: 00 00 00 12 00 02 88 84 00 00 08 01 00 00 00 09  ................
-Andreas Steffen
+: 3B 8A 77 A3 00 00 00 A1 00 00 0A CF 00 00 00 01  ;.w.............
-Andreas Steffen
+: 01 00 00 52 73 74 72 6F 6E 67 73 77 61 6E 2E 6F  ...Rstrongswan.o
-Andreas Steffen
+: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34  rg__Ubuntu_16.04
-Andreas Steffen
+: 2D 78 38 36 5F 36 34 2D 61 31 31 79 2D 70 72 6F  -x86_64-a11y-pro
-Andreas Steffen
+: 66 69 6C 65 2D 6D 61 6E 61 67 65 72 2D 69 6E 64  file-manager-ind
-Andreas Steffen
+: 69 63 61 74 6F 72 2D 30 2E 31 2E 31 30 2D 30 75  icator-0.1.10-0u
-Andreas Steffen
+: 62 75 6E 74 75 33 00 00 00 00 0A D0 00 00 00 01  buntu3..........
-Andreas Steffen
+: 01 00 00 58 73 74 72 6F 6E 67 73 77 61 6E 2E 6F  ...Xstrongswan.o
-Andreas Steffen
+: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34  rg__Ubuntu_16.04
-Andreas Steffen
+: 2D 78 38 36 5F 36 34 2D 61 63 63 6F 75 6E 74 2D  -x86_64-account-
-Andreas Steffen
+: 70 6C 75 67 69 6E 2D 66 61 63 65 62 6F 6F 6B 2D  plugin-facebook-
-Andreas Steffen
+: 30 2E 31 32 7E 31 36 2E 30 34 2E 32 30 31 36 30  0.12~16.04.20160
-Andreas Steffen
+: 31 32 36 2D 30 75 62 75 6E 74 75 31 00 00 00 00  126-0ubuntu1....
-Andreas Steffen
+: 0A D1 00 00 00 01 01 00 00 56 73 74 72 6F 6E 67  .........Vstrong
-Andreas Steffen
+: 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75  swan.org__Ubuntu
-Andreas Steffen
+: 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63  _16.04-x86_64-ac
-Andreas Steffen
+: 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 2D 66 6C 69  count-plugin-fli
-Andreas Steffen
+: 63 6B 72 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32  ckr-0.12~16.04.2
-Andreas Steffen
+: 30 31 36 30 31 32 36 2D 30 75 62 75 6E 74 75 31  0160126-0ubuntu1
-Andreas Steffen
+: 00 00 00 00 0A D2 00 00 00 01 01 00 00 56 73 74  .............Vst
-Andreas Steffen
+: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62  rongswan.org__Ub
-Andreas Steffen
+: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36  untu_16.04-x86_6
-Andreas Steffen
+: 34 2D 61 63 63 6F 75 6E 74 2D 70 6C 75 67 69 6E  4-account-plugin
-Andreas Steffen
+: 2D 67 6F 6F 67 6C 65 2D 30 2E 31 32 7E 31 36 2E  -google-0.12~16.
-Andreas Steffen
+: 30 34 2E 32 30 31 36 30 31 32 36 2D 30 75 62 75  04.20160126-0ubu
-Andreas Steffen
+: 6E 74 75 31 00 00 00 00 06 2E 00 00 00 01 01 00  ntu1............
-Andreas Steffen
+                                                ...
-Andreas Steffen
+: 00 00 00 01 01 00 00 4A 73 74 72 6F 6E 67 73 77  .......Jstrongsw
-Andreas Steffen
+: 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31  an.org__Ubuntu_1
-Andreas Steffen
+: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E  6.04-x86_64-prin
-Andreas Steffen
+: 74 65 72 2D 64 72 69 76 65 72 2D 68 70 63 75 70  ter-driver-hpcup
-Andreas Steffen
+: 73 2D 33 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30  s-3.16.3~repack0
-Andreas Steffen
+: 2D 31 00 00 00 00 0E D8 00 00 00 01 01 00 00 43  -1.............C
-Andreas Steffen
+: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F  strongswan.org__
-Andreas Steffen
+: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36  Ubuntu_16.04-x86
-Andreas Steffen
+: 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76  _64-printer-driv
-Andreas Steffen
+: 65 72 2D 6D 69 6E 31 32 78 78 77 2D 30 2E 30 2E  er-min12xxw-0.0.
-Andreas Steffen
+: 39 2D 39 00 00 00 00 0E D9 00 00 00 01 01 00 00  9-9.............
-Andreas Steffen
+: 4F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  Ostrongswan.org_
-Andreas Steffen
+: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38  _Ubuntu_16.04-x8
-Andreas Steffen
+: 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69  6_64-printer-dri
-Andreas Steffen
+: 76 65 72 2D 70 6E 6D 32 70 70 61 2D 31 2E 31 33  ver-pnm2ppa-1.13
-Andreas Steffen
+: 7E 6E 6F 6E 64 62 73 2D 30 75 62 75 6E 74 75 35  ~nondbs-0ubuntu5
-Andreas Steffen
+: 00 00 00 00 0E DA 00 00 00 01 01 00 00 51 73 74  .............Qst
-Andreas Steffen
+: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62  rongswan.org__Ub
-Andreas Steffen
+: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36  untu_16.04-x86_6
-Andreas Steffen
+: 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 65 72  4-printer-driver
-Andreas Steffen
+: 2D 70 6F 73 74 73 63 72 69 70 74 2D 68 70 2D 33  -postscript-hp-3
-Andreas Steffen
+: 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 2D 31 00  .16.3~repack0-1.
-Andreas Steffen
+: 00 00 00 0E DB 00 00 00 01 01 00 00 3F 73 74 72  ............?str
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xac4d427a
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The SWIMA IMC accepted the segmentation contract
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract response from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+                                               maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The first 128k segment of an *IETF / Software* message has been received
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received first segment for base attribute ID 1 (130980 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Identifier Inventory' 0x000000/0x00000012
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: 3 bytes insufficient to parse 63 bytes of data
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+complete software identifiers including their record ID were received in the first segment, 424 identifiers are to follow
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 1625 items for request 9 at eid 161 of epoch 0x3b8a77a3, 424 items to follow
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   2767: strongswan.org__Ubuntu_16.04-x86_64-a11y-profile-manager-indicator-0.1.10-0ubuntu3
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   2768: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-facebook-0.12~16.04.20160126-0ubuntu1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   2769: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-flickr-0.12~16.04.20160126-0ubuntu1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   2770: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-google-0.12~16.04.20160126-0ubuntu1
-Andreas Steffen
+...
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3799: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-hpcups-3.16.3~repack0-1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3800: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-min12xxw-0.0.9-9
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3801: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pnm2ppa-1.13~nondbs-0ubuntu5
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3802: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-postscript-hp-3.16.3~repack0-1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The SWIMA IMV requests the next segment of the *IETF / Software* message
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x41ff7fe5
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Next Segment Request' 0x005597/0x00000024
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff82015ae30
-Andreas Steffen
+: 01 00 00 00 41 FF 7F E5 00 00 55 97 00 00 00 24  ....A.....U....$
-Andreas Steffen
+: 00 00 00 10 00 00 00 01                          ........
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (56 bytes) for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #3 of type 'PB-TNC Batch' (72 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The second and last segment of the *IETF / Software* message has been received
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #3 of type 'PB-TNC Batch' (35112 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (35096 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (35088 bytes)
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: => 35064 bytes @ 0x7ff81802afa0
-Andreas Steffen
+: 01 00 00 00 C4 99 91 00 00 00 55 97 00 00 00 23  ..........U....#
-Andreas Steffen
+: 00 00 88 F0 00 00 00 01 6F 6E 67 73 77 61 6E 2E  ........ongswan.
-Andreas Steffen
+: 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30  org__Ubuntu_16.0
-Andreas Steffen
+: 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 74 65 72  4-x86_64-printer
-Andreas Steffen
+: 2D 64 72 69 76 65 72 2D 70 74 6F 75 63 68 2D 31  -driver-ptouch-1
-Andreas Steffen
+: 2E 34 2D 31 00 00 00 00 0E DC 00 00 00 01 01 00  .4-1............
-Andreas Steffen
+: 00 46 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67  .Fstrongswan.org
-Andreas Steffen
+: 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78  __Ubuntu_16.04-x
-Andreas Steffen
+: 38 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72  86_64-printer-dr
-Andreas Steffen
+: 69 76 65 72 2D 70 78 6C 6A 72 2D 31 2E 34 7E 72  iver-pxljr-1.4~r
-Andreas Steffen
+: 65 70 61 63 6B 30 2D 34 00 00 00 00 0E DD 00 00  epack0-4........
-Andreas Steffen
+: 00 01 01 00 00 47 73 74 72 6F 6E 67 73 77 61 6E  .....Gstrongswan
-Andreas Steffen
+: 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E  .org__Ubuntu_16.
-Andreas Steffen
+: 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 74 65  04-x86_64-printe
-Andreas Steffen
+: 72 2D 64 72 69 76 65 72 2D 73 61 67 2D 67 64 69  r-driver-sag-gdi
-Andreas Steffen
+: 2D 30 2E 31 2D 34 75 62 75 6E 74 75 31 00 00 00  -0.1-4ubuntu1...
-Andreas Steffen
+: 00 0E DE 00 00 00 01 01 00 00 50 73 74 72 6F 6E  ..........Pstron
-Andreas Steffen
+: 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74  gswan.org__Ubunt
-Andreas Steffen
+: 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70  u_16.04-x86_64-p
-Andreas Steffen
+: 72 69 6E 74 65 72 2D 64 72 69 76 65 72 2D 73 70  rinter-driver-sp
-Andreas Steffen
+: 6C 69 78 2D 32 2E 30 2E 30 7E 73 76 6E 33 31 35  lix-2.0.0~svn315
-Andreas Steffen
+: 2D 34 66 61 6B 65 73 79 6E 63 31 00 00 00 00 06  -4fakesync1.....
-Andreas Steffen
+                                               ...
-Andreas Steffen
+: 75 32 00 00 00 00 0F E0 00 00 00 01 01 00 00 43  u2.............C
-Andreas Steffen
+: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F  strongswan.org__
-Andreas Steffen
+: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36  Ubuntu_16.04-x86
-Andreas Steffen
+: 5F 36 34 2D 7A 65 6E 69 74 79 2D 63 6F 6D 6D 6F  _64-zenity-commo
-Andreas Steffen
+: 6E 2D 33 2E 31 38 2E 31 2E 31 2D 31 75 62 75 6E  n-3.18.1.1-1ubun
-Andreas Steffen
+: 74 75 32 00 00 00 00 0F E1 00 00 00 01 01 00 00  tu2.............
-Andreas Steffen
+: 2E 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F  .strongswan.org_
-Andreas Steffen
+: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38  _Ubuntu_16.04-x8
-Andreas Steffen
+: 36 5F 36 34 2D 7A 69 70 2D 33 2E 30 2D 31 31 00  6_64-zip-3.0-11.
-Andreas Steffen
+: 00 00 00 09 D2 00 00 00 01 01 00 00 42 73 74 72  ............Bstr
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75  ongswan.org__Ubu
-Andreas Steffen
+: 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34  ntu_16.04-x86_64
-Andreas Steffen
+: 2D 7A 6C 69 62 31 67 2D 31 7E 31 2E 32 2E 38 2E  -zlib1g-1~1.2.8.
-Andreas Steffen
+: 64 66 73 67 2D 32 75 62 75 6E 74 75 34 2E 31 00  dfsg-2ubuntu4.1.
-Andreas Steffen
+: 00 00 00 09 D9 00 00 00 01 01 00 00 46 73 74 72  ............Fstr
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75  ongswan.org__Ubu
-Andreas Steffen
+: 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34  ntu_16.04-x86_64
-Andreas Steffen
+: 2D 7A 6C 69 62 31 67 2D 64 65 76 2D 31 7E 31 2E  -zlib1g-dev-1~1.
-Andreas Steffen
+: 32 2E 38 2E 64 66 73 67 2D 32 75 62 75 6E 74 75  2.8.dfsg-2ubuntu
-Andreas Steffen
+: 34 2E 31 00 00 00 00 00 00 00 00 00 01 02 00 00  4.1.............
-Andreas Steffen
+: 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F   strongswan.org_
-Andreas Steffen
+: 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D  _strongSwan-5-5-
-Andreas Steffen
+: 33 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74  3../usr/share/st
-Andreas Steffen
+: 72 6F 6E 67 73 77 61 6E                          rongswan
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xc4999100
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received last segment for base attribute ID 1 (35040 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The remaining software identifiers have been received. The *IETF / Software Identifier Inventory* attribute is complete
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 424 items for request 9 at eid 161 of epoch 0x3b8a77a3, 0 items to follow
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3803: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-ptouch-1.4-1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3804: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pxljr-1.4~repack0-4
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3805: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-sag-gdi-0.1-4ubuntu1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   3806: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-splix-2.0.0~svn315-4fakesync1
-Andreas Steffen
+...
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   4064: strongswan.org__Ubuntu_16.04-x86_64-zenity-common-3.18.1.1-1ubuntu2
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   4065: strongswan.org__Ubuntu_16.04-x86_64-zip-3.0-11
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   2514: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-1~1.2.8.dfsg-2ubuntu4.1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   2521: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-dev-1~1.2.8.dfsg-2ubuntu4.1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:      0: strongswan.org__strongSwan-5-5-3
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Sending IETF [Targeted] SW Request Attribute
 Andreas Steffen
-Andreas Steffen
+All software identifiers are sent to the strongTNC policy manager via a REST-ful interface. The policy manager checks all software identifiers in its database and finds that it does not have a SWID tag for the strongSwan-5.5.3 software
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'...
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: 1 SWID tag target
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]:   strongswan.org__strongSwan-5-5-3
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+A targeted *IETF / SW Request* attribute is sent in Server DATA batch
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x6d9f210a
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 66 bytes @ 0x7ff8180036c0
-Andreas Steffen
+: 01 00 00 00 6D 9F 21 0A 00 00 00 00 00 00 00 11  ....m.!.........
-Andreas Steffen
+: 00 00 00 3A 00 00 00 01 00 00 00 09 00 00 00 00  ...:............
-Andreas Steffen
+: 00 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67  . strongswan.org
-Andreas Steffen
+: 5F 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35  __strongSwan-5-5
-Andreas Steffen
+: 2D 33                                            -3
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working'
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (98 bytes) for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #4 of type 'PB-TNC Batch' (114 bytes)
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Receiving IETF SW Inventory Attribute
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #4 of type 'PB-TNC Batch' (508 bytes)
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (492 bytes)
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: processing IETF/PB-PA message (484 bytes)
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: => 460 bytes @ 0x7ff83c003ef0
-Andreas Steffen
+: 01 00 00 00 9A 73 D4 63 00 00 00 00 00 00 00 14  .....s.c........
-Andreas Steffen
+: 00 00 01 C4 00 00 00 01 00 00 00 09 11 22 33 44  ............."3D
-Andreas Steffen
+: 00 00 00 01 00 00 00 00 00 00 00 01 02 00 00 20  ...............
-Andreas Steffen
+: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F  strongswan.org__
-Andreas Steffen
+: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D 33  strongSwan-5-5-3
-Andreas Steffen
+: 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74 72  ../usr/share/str
-Andreas Steffen
+: 6F 6E 67 73 77 61 6E 00 00 01 61 3C 3F 78 6D 6C  ongswan...a<?xml
-Andreas Steffen
+: 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65   version="1.0" e
-Andreas Steffen
+: 6E 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F  ncoding="utf-8"?
-Andreas Steffen
+: 3E 0A 0A 3C 53 6F 66 74 77 61 72 65 49 64 65 6E  >..<SoftwareIden
-Andreas Steffen
+: 74 69 74 79 0A 20 20 6E 61 6D 65 3D 22 73 74 72  tity.  name="str
-Andreas Steffen
+: 6F 6E 67 53 77 61 6E 22 0A 20 20 74 61 67 49 64  ongSwan".  tagId
-Andreas Steffen
+: 3D 22 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35  ="strongSwan-5-5
-Andreas Steffen
+: 2D 33 22 0A 20 20 76 65 72 73 69 6F 6E 3D 22 35  -3".  version="5
-Andreas Steffen
+: 2E 35 2E 33 22 20 76 65 72 73 69 6F 6E 53 63 68  .5.3" versionSch
-Andreas Steffen
+: 65 6D 65 3D 22 61 6C 70 68 61 6E 75 6D 65 72 69  eme="alphanumeri
-Andreas Steffen
+: 63 22 0A 20 20 78 6D 6C 6E 73 3D 22 68 74 74 70  c".  xmlns="http
-Andreas Steffen
+: 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73 6F  ://standards.iso
-Andreas Steffen
+: 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F 2D  .org/iso/19770/-
-Andreas Steffen
+: 32 2F 32 30 31 35 2F 73 63 68 65 6D 61 2E 78 73  2/2015/schema.xs
-Andreas Steffen
+: 64 22 3E 0A 20 20 3C 45 6E 74 69 74 79 0A 20 20  d">.  <Entity.
-Andreas Steffen
+: 20 20 6E 61 6D 65 3D 22 73 74 72 6F 6E 67 53 77    name="strongSw
-Andreas Steffen
+: 61 6E 20 50 72 6F 6A 65 63 74 22 0A 20 20 20 20  an Project".
-Andreas Steffen
+: 72 65 67 69 64 3D 22 73 74 72 6F 6E 67 73 77 61  regid="strongswa
-Andreas Steffen
+: 6E 2E 6F 72 67 22 0A 20 20 20 20 72 6F 6C 65 3D  n.org".    role=
-Andreas Steffen
+: 22 73 6F 66 74 77 61 72 65 43 72 65 61 74 6F 72  "softwareCreator
-Andreas Steffen
+: 20 6C 69 63 65 6E 73 6F 72 20 74 61 67 43 72 65   licensor tagCre
-Andreas Steffen
+: 61 74 6F 72 22 2F 3E 0A 3C 2F 53 6F 66 74 77 61  ator"/>.</Softwa
-Andreas Steffen
+: 72 65 49 64 65 6E 74 69 74 79 3E 0A              reIdentity>.
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC message with ID 0x9a73d463
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Inventory' 0x000000/0x00000014
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: received software inventory with 1 item for request 9 at eid 161 of epoch 0x3b8a77a3, 0 items to follow
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The XML-encoded ISO-17770-2:2015 SWID tag for the strongswan-5-5-3 software
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: <?xml version="1.0" encoding="utf-8"?>
-Andreas Steffen
+                                             <SoftwareIdentity
-Andreas Steffen
+                                               name="strongSwan"
-Andreas Steffen
+                                               tagId="strongSwan-5-5-3"
-Andreas Steffen
+                                               version="5.5.3" versionScheme="alphanumeric"
-Andreas Steffen
+                                               xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
-Andreas Steffen
+                                               <Entity
-Andreas Steffen
+                                                 name="strongSwan Project"
-Andreas Steffen
+                                                 regid="strongswan.org"
-Andreas Steffen
+                                                 role="softwareCreator licensor tagCreator"/>
-Andreas Steffen
+                                             </SoftwareIdentity>
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The SWID tag is uploaded to the strongTNC policy manager via the REST-ful API. Then the complete software identifier inventory is reposted
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]:   sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/swid/add-tags/'...
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]:   sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'...
 Andreas Steffen
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Terminating PT-TLS Client Connection
 Andreas Steffen
-Andreas Steffen
+The PT-TLS client session is terminated
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 handled SWIDT workitem 9: allow - received inventory of 2049 SWID tag IDs and 1 SWID tag
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC message with ID 0xf63cbcf4
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff83c000f50
-Andreas Steffen
+: 01 00 00 00 F6 3C BC F4 00 00 00 00 00 00 00 09  .....<..........
-Andreas Steffen
+: 00 00 00 10 00 00 00 00                          ........
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 provides recommendation 'allow' and evaluation 'compliant'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling outbound connection
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager stop 2
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: policy: recommendation for access requestor 46.126.238.39 is allow
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: policy: imv_policy_manager stop successful
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Allowed'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Decided'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-TNC RESULT batch
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-PA message
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Assessment-Result message
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Access-Recommendation message
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: sending PB-TNC RESULT batch (88 bytes) for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes)
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #5 of type 'PB-TNC Batch' (24 bytes)
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (8 bytes)
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CLOSE batch for Connection ID 1
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Decided' to 'End'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: final recommendation is 'allow' and evaluation is 'compliant'
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: PT-TLS connection terminates
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" deleted the state of Connection ID 1
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" deleted the state of Connection ID 1
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: removed TNCCS Connection ID 1
-Andreas Steffen
+Jun 22 12:34:58 koala charon-systemd[12088]: sending TLS close notify
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+h2. Stopping PT-TLS Daemon
 Andreas Steffen
-Andreas Steffen
+The strongSwan PT-TLS server daemon can be stopped using the following systemd command
-Andreas Steffen
+<pre>
-Andreas Steffen
+systemctl stop strongswan-swanctl
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: SIGTERM received, shutting down
-Andreas Steffen
+Jun 22 14:11:43 koala systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: IMV 2 "SWIMA" terminated
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: IMV 1 "OS" terminated
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: removed IETF attributes
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: removed ITA-HSR attributes
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: removed PWG attributes
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: removed TCG attributes
-Andreas Steffen
+Jun 22 14:11:43 koala charon-systemd[12088]: libimcv terminated
-Andreas Steffen
+Jun 22 14:11:43 koala systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
-Andreas Steffen
+</pre>

Project

General

Profile

strongSwan

Software Inventory Message and Attributes for PA-TNC (SWIMA) » History » Version 25