Software Inventory Message and Attributes for PA-TNC (SWIMA) » History » Version 27
Andreas Steffen, 07.07.2017 15:35
1 | 18 | Andreas Steffen | h1. Software Inventory Message and Attributes for PA-TNC (SWIMA) |
---|---|---|---|
2 | 1 | Andreas Steffen | |
3 | 6 | Andreas Steffen | {{>toc}} |
4 | 6 | Andreas Steffen | |
5 | 27 | Andreas Steffen | h2. Configuring a PT-TLS SWIMA Client |
6 | 27 | Andreas Steffen | |
7 | 27 | Andreas Steffen | The following [[SwimaClient|HOWTO]] describes the installation and configuration of a PT-TLS-based SW Client on an Ubuntu 16.04 platform. |
8 | 27 | Andreas Steffen | |
9 | 27 | Andreas Steffen | h2. Configuring a PT-TLS SWIMA Server |
10 | 27 | Andreas Steffen | |
11 | 27 | Andreas Steffen | The following [[SwimaServer|HOWTO]] describes the installation and configuration of a PT-TLS-based Server Daemon on an Ubuntu 16.04 platform. |
12 | 27 | Andreas Steffen | |
13 | 8 | Andreas Steffen | h2. Starting PT-TLS Server Daemon |
14 | 6 | Andreas Steffen | |
15 | 4 | Andreas Steffen | The PT-TLS server based on the strongSwan systemd daemon is usually started automatically at boot time with the command |
16 | 1 | Andreas Steffen | <pre> |
17 | 4 | Andreas Steffen | systemctl start strongswan-swanctl |
18 | 4 | Andreas Steffen | </pre> |
19 | 4 | Andreas Steffen | |
20 | 10 | Andreas Steffen | First, all the PA-TNC attribute definitions from the IETF, TCG, ITA-HSR and PWG namespaces are loaded. The IMVs to be dynamically loaded are read from _/etc/tnc_config_. |
21 | 4 | Andreas Steffen | <pre> |
22 | 19 | Andreas Steffen | Jun 22 12:31:28 koala systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl... |
23 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: TNC recommendation policy is 'default' |
24 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loading IMVs from '/etc/tnc_config' |
25 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: added IETF attributes |
26 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: added ITA-HSR attributes |
27 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: added PWG attributes |
28 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: added TCG attributes |
29 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: libimcv initialized |
30 | 1 | Andreas Steffen | </pre> |
31 | 4 | Andreas Steffen | |
32 | 13 | Andreas Steffen | The OS IMV is loaded as a dynamic library and attached to the TNC server. |
33 | 1 | Andreas Steffen | <pre> |
34 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" initialized |
35 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001 |
36 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: IMV 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imv-os.so' |
37 | 1 | Andreas Steffen | </pre> |
38 | 4 | Andreas Steffen | |
39 | 13 | Andreas Steffen | The SWIMA IMV is loaded as a dynamic library and attached to the TNC server. |
40 | 1 | Andreas Steffen | <pre> |
41 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" initialized |
42 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 supports 1 message type: 'IETF/Software' 0x000000/0x00000009 |
43 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: IMV 2 "SWIMA" loaded from '/usr/lib/ipsec/imcvs/imv-swima.so' |
44 | 1 | Andreas Steffen | </pre> |
45 | 4 | Andreas Steffen | |
46 | 4 | Andreas Steffen | The strongSwan daemon loads all required plugins and goes into multi-threading mode so that multiple PT-TLS connections can be handled |
47 | 1 | Andreas Steffen | <pre> |
48 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded plugins: charon-systemd charon-systemd random nonce x509 tpm openssl revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem tnc-imv tnc-pdp tnc-tnccs tnccs-20 kernel-netlink socket-default sqlite curl vici |
49 | 19 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: spawning 16 worker threads |
50 | 1 | Andreas Steffen | </pre> |
51 | 4 | Andreas Steffen | |
52 | 4 | Andreas Steffen | Multiple PT-TLS server and CA certificates are loaded into the daemon |
53 | 1 | Andreas Steffen | <pre> |
54 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org' |
55 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com' |
56 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=koala.strongsec.com' |
57 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA' |
58 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA' |
59 | 1 | Andreas Steffen | </pre> |
60 | 4 | Andreas Steffen | |
61 | 4 | Andreas Steffen | The actual loading is done by the *swanctl* command line tool which transfers the certificates to the daemon via a Unix socket. |
62 | 1 | Andreas Steffen | <pre> |
63 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/MSE2_Cert.pem' |
64 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_ECC_Cert.pem' |
65 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509/koala_AIK_RSA_Cert.pem' |
66 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/strongsecCaCert.pem' |
67 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded certificate from '/etc/swanctl/x509ca/MSE_CA_Cert.pem' |
68 | 4 | Andreas Steffen | </pre> |
69 | 4 | Andreas Steffen | |
70 | 1 | Andreas Steffen | The first server certificate has a matching ECDSA private key loaded from file |
71 | 4 | Andreas Steffen | <pre> |
72 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: loaded ECDSA private key |
73 | 1 | Andreas Steffen | </pre> |
74 | 1 | Andreas Steffen | |
75 | 4 | Andreas Steffen | The second server certificate has a matching ECDSA key protected by a TPM 2.0 |
76 | 1 | Andreas Steffen | <pre> |
77 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB |
78 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 |
79 | 20 | Andreas Steffen | Jun 22 12:31:28 koala charon-systemd[12088]: TPM 2.0 via TSS2 available |
80 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is ECDSA with SHA256 hash |
81 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: loaded ECDSA private key from token |
82 | 4 | Andreas Steffen | </pre> |
83 | 1 | Andreas Steffen | |
84 | 1 | Andreas Steffen | The third server certificate has a matching RSA key protected by a TPM 2.0 |
85 | 13 | Andreas Steffen | <pre> |
86 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES MGF1 KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 ECMQV KDF1_SP800_108 ECC SYMCIPHER CTR OFB CBC CFB ECB |
87 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 |
88 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: TPM 2.0 via TSS2 available |
89 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: AIK signature algorithm is RSASSA with SHA256 hash |
90 | 20 | Andreas Steffen | Jun 22 12:31:29 koala charon-systemd[12088]: loaded RSA private key from token |
91 | 5 | Andreas Steffen | </pre> |
92 | 1 | Andreas Steffen | |
93 | 1 | Andreas Steffen | Again it is the *swanctl* tool which loads the private keys or determines the IDs of keys residing on smartcard or TPM devices. |
94 | 1 | Andreas Steffen | <pre> |
95 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded ecdsa key from '/etc/swanctl/ecdsa/MSE2_Key.pem' |
96 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_ecc from token [keyid: 8e70ca6665cd2e6c7893e407cb9a7cd6264d714f] |
97 | 20 | Andreas Steffen | Jun 22 12:31:29 koala swanctl[12107]: loaded key token_ak_rsa from token [keyid: ce431f647d549f759267422f4097c874e2eca547] |
98 | 1 | Andreas Steffen | </pre> |
99 | 1 | Andreas Steffen | |
100 | 1 | Andreas Steffen | The PT-TLS server is now up and ready to accept connections on the default TCP port 271. |
101 | 13 | Andreas Steffen | <pre> |
102 | 20 | Andreas Steffen | Jun 22 12:31:29 koala systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl. |
103 | 8 | Andreas Steffen | </pre> |
104 | 8 | Andreas Steffen | |
105 | 5 | Andreas Steffen | h2. Accepting PT-TLS Client Connection |
106 | 1 | Andreas Steffen | |
107 | 1 | Andreas Steffen | A PT-TLS client connects to the PT-TLS server and does a TLS 1.2 handshake to establish a secure socket |
108 | 13 | Andreas Steffen | <pre> |
109 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: accepting PT-TLS stream from 46.126.238.39 |
110 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS negotiation phase |
111 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
112 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS server certificate 'C=CH, O=MSE, OU=TSM_ITSec, CN=mse2.strongswan.org' |
113 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=MSE, OU=TSM_ITSec, CN=MSE CA' |
114 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: sending TLS cert request for 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA' |
115 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: received TLS peer certificate 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' |
116 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: using certificate "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com" |
117 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" |
118 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: checking certificate status of "C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com" |
119 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" |
120 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" |
121 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 25 10:00:01 2017 |
122 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl |
123 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" |
124 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA" |
125 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: crl is valid: until Jun 23 10:00:01 2017 |
126 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: using cached crl |
127 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: certificate status is good |
128 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: reached self-signed root ca with a path length of 0 |
129 | 1 | Andreas Steffen | </pre> |
130 | 1 | Andreas Steffen | |
131 | 1 | Andreas Steffen | The PT-TLS protocol is started, skipping SASL-based client authentication because the client has already authenticated itself during the TLS handshake. |
132 | 1 | Andreas Steffen | <pre> |
133 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: received PT-TLS message #0 of type 'Version Request' (20 bytes) |
134 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #0 of type 'Version Response' (20 bytes) |
135 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: negotiated PT-TLS version 1 |
136 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: doing SASL client authentication |
137 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: skipping SASL, client already authenticated by TLS certificate |
138 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: sending PT-TLS message #1 of type 'SASL Mechanisms' (16 bytes) |
139 | 1 | Andreas Steffen | </pre> |
140 | 1 | Andreas Steffen | |
141 | 1 | Andreas Steffen | The PT-TLS protocol switches to the data transport phase and a TNCCS (PB-TNC) connection is instantiated |
142 | 1 | Andreas Steffen | <pre> |
143 | 20 | Andreas Steffen | Jun 22 12:34:56 koala charon-systemd[12088]: entering PT-TLS data transport phase |
144 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #1 of type 'PB-TNC Batch' (337 bytes) |
145 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: assigned TNCCS Connection ID 1 |
146 | 1 | Andreas Steffen | </pre> |
147 | 1 | Andreas Steffen | |
148 | 1 | Andreas Steffen | An OS IMV instance is created for this PB-TNC connection |
149 | 1 | Andreas Steffen | <pre> |
150 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh |
151 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes |
152 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: user AR identity 'C=CH, O=strongSec GmbH, CN=brisbane.strongsec.com' of type X.500 DN authenticated by certificate |
153 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: machine AR identity '46.126.238.39' of type IPv4 address authenticated by unknown method |
154 | 1 | Andreas Steffen | </pre> |
155 | 13 | Andreas Steffen | |
156 | 1 | Andreas Steffen | A SWIMA IMV instance is created for this PB-TNC connection |
157 | 1 | Andreas Steffen | <pre> |
158 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh |
159 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: over IF-T for TLS 2.0 with maximum PA-TNC message size of 131024 bytes |
160 | 1 | Andreas Steffen | </pre> |
161 | 1 | Andreas Steffen | |
162 | 1 | Andreas Steffen | The PB-TNC connection is now initialized and goes into Handshake mode |
163 | 5 | Andreas Steffen | <pre> |
164 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Handshake' |
165 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Handshake' |
166 | 14 | Andreas Steffen | </pre> |
167 | 14 | Andreas Steffen | |
168 | 14 | Andreas Steffen | The first PB-TNC client batch is received containing two PA-TNC messages |
169 | 14 | Andreas Steffen | <pre> |
170 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (321 bytes) |
171 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection |
172 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1 |
173 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Init' to 'Server Working' |
174 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-Language-Preference message (31 bytes) |
175 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (230 bytes) |
176 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (52 bytes) |
177 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: setting language preference to 'en' |
178 | 14 | Andreas Steffen | </pre> |
179 | 14 | Andreas Steffen | |
180 | 1 | Andreas Steffen | The first PA-TNC message is of type *IETF / Operating System* and contains some IETF standard attributes sent by the OS IMC |
181 | 1 | Andreas Steffen | <pre> |
182 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
183 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 "OS" received message for Connection ID 1 from IMC 1 |
184 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: => 206 bytes @ 0x7ff810004f10 |
185 | 20 | Andreas Steffen | 0: 01 00 00 00 6F 69 67 01 00 00 00 00 00 00 00 02 ....oig......... |
186 | 14 | Andreas Steffen | 16: 00 00 00 17 00 71 32 00 00 55 62 75 6E 74 75 00 .....q2..Ubuntu. |
187 | 14 | Andreas Steffen | 32: 00 00 00 00 00 00 04 00 00 00 1B 0C 31 36 2E 30 ............16.0 |
188 | 1 | Andreas Steffen | 48: 34 20 78 38 36 5F 36 34 00 00 00 00 00 00 00 00 4 x86_64........ |
189 | 1 | Andreas Steffen | 64: 00 03 00 00 00 1C 00 00 00 10 00 00 00 04 00 00 ................ |
190 | 1 | Andreas Steffen | 80: 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ................ |
191 | 20 | Andreas Steffen | 96: 00 24 03 01 00 00 32 30 31 37 2D 30 36 2D 31 39 .$....2017-06-19 |
192 | 20 | Andreas Steffen | 112: 54 31 34 3A 31 38 3A 33 35 5A 00 00 00 00 00 00 T14:18:35Z...... |
193 | 14 | Andreas Steffen | 128: 00 0B 00 00 00 10 00 00 00 01 00 00 00 00 00 00 ................ |
194 | 14 | Andreas Steffen | 144: 00 0C 00 00 00 10 00 00 00 00 00 00 90 2A 00 00 .............*.. |
195 | 1 | Andreas Steffen | 160: 00 08 00 00 00 34 35 64 39 35 30 32 31 33 39 36 .....45d95021396 |
196 | 1 | Andreas Steffen | 176: 64 32 34 31 35 65 35 63 35 33 63 61 32 64 65 61 d2415e5c53ca2dea |
197 | 1 | Andreas Steffen | 192: 36 66 62 63 31 63 32 33 38 37 63 35 36 61 6fbc1c2387c56a |
198 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x6f696701 |
199 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002 |
200 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004 |
201 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003 |
202 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005 |
203 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b |
204 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c |
205 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008 |
206 | 14 | Andreas Steffen | </pre> |
207 | 14 | Andreas Steffen | |
208 | 1 | Andreas Steffen | This is the OS information contained in the PA-TNC attributes |
209 | 1 | Andreas Steffen | <pre> |
210 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: operating system name is 'Ubuntu' from vendor Canonical |
211 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: operating system version is '16.04 x86_64' |
212 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: operating system numeric version is 16.4 |
213 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: operational status: operational, result: successful |
214 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: last boot: Jun 19 14:18:35 UTC 2017 |
215 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IPv4 forwarding is enabled |
216 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: factory default password is disabled |
217 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: device ID is 5d95021396d2415e5c53ca2dea6fbc1c2387c56a |
218 | 14 | Andreas Steffen | </pre> |
219 | 14 | Andreas Steffen | |
220 | 1 | Andreas Steffen | The second PA-TNC message is of type *IETF / Software* and contains a PA-TNC segmentation contract request |
221 | 1 | Andreas Steffen | <pre> |
222 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
223 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 |
224 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: => 28 bytes @ 0x7ff810005860 |
225 | 20 | Andreas Steffen | 0: 01 00 00 00 19 74 B7 4E 00 00 55 97 00 00 00 21 .....t.N..U....! |
226 | 14 | Andreas Steffen | 16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............ |
227 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0x1974b74e |
228 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
229 | 14 | Andreas Steffen | </pre> |
230 | 14 | Andreas Steffen | |
231 | 1 | Andreas Steffen | This is the decoded segmentation contract request |
232 | 1 | Andreas Steffen | <pre> |
233 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract request from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009 |
234 | 1 | Andreas Steffen | maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes |
235 | 14 | Andreas Steffen | </pre> |
236 | 1 | Andreas Steffen | |
237 | 1 | Andreas Steffen | <pre> |
238 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xa41e0787 |
239 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
240 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 28 bytes @ 0x7ff810000a00 |
241 | 20 | Andreas Steffen | 0: 01 00 00 00 A4 1E 07 87 00 00 55 97 00 00 00 22 ..........U...." |
242 | 14 | Andreas Steffen | 16: 00 00 00 14 00 98 96 80 00 01 FF B8 ............ |
243 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
244 | 1 | Andreas Steffen | </pre> |
245 | 20 | Andreas Steffen | |
246 | 20 | Andreas Steffen | The OS IMV also sends a segmentation contract request for PA message type *IETF / Operating System* |
247 | 1 | Andreas Steffen | <pre> |
248 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 requests a segmentation contract for PA message type 'IETF/Operating System' 0x000000/0x00000001 |
249 | 1 | Andreas Steffen | maximum attribute size of 100000000 bytes with maximum segment size of 131000 bytes |
250 | 1 | Andreas Steffen | </pre> |
251 | 20 | Andreas Steffen | |
252 | 20 | Andreas Steffen | The strongTNC policy manager assigns a session ID and issues a single SWIDT workitem |
253 | 14 | Andreas Steffen | <pre> |
254 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: assigned session ID 2 to Connection ID 1 |
255 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager start 2 |
256 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: policy: imv_policy_manager start successful |
257 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: SWIDT workitem 9 |
258 | 14 | Andreas Steffen | </pre> |
259 | 20 | Andreas Steffen | |
260 | 21 | Andreas Steffen | The OS IMV has not been assigned any work items by the policy manager and therefore terminates gracefully |
261 | 14 | Andreas Steffen | <pre> |
262 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 has no workitems - no evaluation requested |
263 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x916d188f |
264 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
265 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Remediation Instructions' 0x000000/0x0000000a |
266 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 117 bytes @ 0x7ff810004f20 |
267 | 20 | Andreas Steffen | 0: 01 00 00 00 91 6D 18 8F 00 00 00 00 00 00 00 09 .....m.......... |
268 | 1 | Andreas Steffen | 16: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 0A ................ |
269 | 1 | Andreas Steffen | 32: 00 00 00 5D 00 00 00 00 00 00 00 02 00 00 00 42 ...]...........B |
270 | 1 | Andreas Steffen | 48: 49 50 20 50 61 63 6B 65 74 20 46 6F 72 77 61 72 IP Packet Forwar |
271 | 14 | Andreas Steffen | 64: 64 69 6E 67 0A 20 20 50 6C 65 61 73 65 20 64 69 ding. Please di |
272 | 14 | Andreas Steffen | 80: 73 61 62 6C 65 20 74 68 65 20 66 6F 72 77 61 72 sable the forwar |
273 | 1 | Andreas Steffen | 96: 64 69 6E 67 20 6F 66 20 49 50 20 70 61 63 6B 65 ding of IP packe |
274 | 14 | Andreas Steffen | 112: 74 73 02 65 6E ts.en |
275 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001 |
276 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 1 provides recommendation 'allow' and evaluation 'don't know' |
277 | 14 | Andreas Steffen | </pre> |
278 | 1 | Andreas Steffen | |
279 | 20 | Andreas Steffen | The SWIMA IMV sends a segmentation contract request for PA message type *IETF / Software* as well |
280 | 14 | Andreas Steffen | <pre> |
281 | 20 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 requests a segmentation contract for PA message type 'IETF/Software' 0x000000/0x00000009 |
282 | 1 | Andreas Steffen | maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes |
283 | 14 | Andreas Steffen | </pre> |
284 | 14 | Andreas Steffen | |
285 | 14 | Andreas Steffen | h2. Sending IETF SW Request Attribute |
286 | 1 | Andreas Steffen | |
287 | 21 | Andreas Steffen | The SWIMA IMV is responsible for the SWIDT workitem and issues an *IETF / SW Request* attribute |
288 | 1 | Andreas Steffen | <pre> |
289 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 handles SWIDT workitem 9 |
290 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 issues sw request 9 |
291 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0xeaeacdc3 |
292 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021 |
293 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011 |
294 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 52 bytes @ 0x7ff810005550 |
295 | 21 | Andreas Steffen | 0: 01 00 00 00 EA EA CD C3 00 00 55 97 00 00 00 21 ..........U....! |
296 | 14 | Andreas Steffen | 16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 00 00 ................ |
297 | 21 | Andreas Steffen | 32: 00 00 00 11 00 00 00 18 20 00 00 00 00 00 00 09 ........ ....... |
298 | 1 | Andreas Steffen | 48: 00 00 00 00 .... |
299 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
300 | 1 | Andreas Steffen | </pre> |
301 | 1 | Andreas Steffen | |
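The two short PA-TNC messages dumped above (the 28-byte segmentation contract request and the 52-byte message carrying the SW Request) can be decoded by hand to check them against the log lines. The following parser is an added example, not strongSwan code: the function names are hypothetical, the byte strings are retyped from the hex dumps on this page, and the SW Request value layout (flags, 24-bit identifier count, request ID, earliest EID) is an assumption.

```python
import struct

PA_TNC_HEADER_LEN = 8   # version (1) + reserved (3) + message ID (4)
ATTR_HEADER_LEN = 12    # flags (1) + vendor ID (3) + type (4) + length (4)

# (vendor ID, attribute type) -> name, as printed in the log excerpts above
ATTR_NAMES = {
    (0x005597, 0x21): "TCG/Max Attribute Size Request",
    (0x005597, 0x22): "TCG/Max Attribute Size Response",
    (0x000000, 0x11): "IETF/SW Request",
}

# Byte strings retyped from the hex dumps in the log excerpts above.
SEG_REQUEST = bytes.fromhex(
    "01000000 1974B74E 00005597 00000021 00000014 00989680 0001FFB8")
SW_REQUEST = bytes.fromhex(
    "01000000 EAEACDC3 00005597 00000021 00000014 00989680 0001FFB8"
    "00000000 00000011 00000018 20000000 00000009 00000000")


class PaTncError(ValueError):
    """Raised when a message violates the PA-TNC framing rules."""


def parse_pa_tnc(msg: bytes):
    """Return (message_id, [attribute dicts]) or raise PaTncError."""
    if len(msg) < PA_TNC_HEADER_LEN:
        raise PaTncError("message shorter than PA-TNC header")
    if msg[0] != 1:
        raise PaTncError(f"unsupported PA-TNC version {msg[0]}")
    (msg_id,) = struct.unpack_from(">I", msg, 4)

    attrs = []
    off = PA_TNC_HEADER_LEN
    while off < len(msg):
        remaining = len(msg) - off
        if remaining < ATTR_HEADER_LEN:
            raise PaTncError(f"truncated attribute header at offset {off}")
        flags = msg[off]
        vendor = int.from_bytes(msg[off + 1:off + 4], "big")
        attr_type, length = struct.unpack_from(">II", msg, off + 4)
        # The length field covers header plus value and is sender-controlled:
        # reject anything that underflows the header or overruns the buffer.
        if length < ATTR_HEADER_LEN or length > remaining:
            raise PaTncError(f"bad attribute length {length} at offset {off}")
        attrs.append({
            "flags": flags,
            "vendor": vendor,
            "type": attr_type,
            "name": ATTR_NAMES.get((vendor, attr_type), "unknown"),
            "value": msg[off + ATTR_HEADER_LEN:off + length],
        })
        off += length
    return msg_id, attrs


def decode_max_attr_size(value: bytes):
    """Segmentation contract: (max attribute size, max segment size)."""
    if len(value) != 8:
        raise PaTncError("Max Attribute Size value must be 8 bytes")
    return struct.unpack(">II", value)


def decode_sw_request(value: bytes):
    """SW Request value, using the layout assumed in the lead-in."""
    if len(value) < 12:
        raise PaTncError("SW Request value shorter than 12 bytes")
    request_id, earliest_eid = struct.unpack_from(">II", value, 4)
    return {
        "flags": value[0],
        "identifier_count": int.from_bytes(value[1:4], "big"),
        "request_id": request_id,
        "earliest_eid": earliest_eid,
    }


if __name__ == "__main__":
    for raw in (SEG_REQUEST, SW_REQUEST):
        msg_id, attrs = parse_pa_tnc(raw)
        print(f"PA-TNC message with ID 0x{msg_id:08x}")
        for a in attrs:
            print(f"  {a['name']} 0x{a['vendor']:06x}/0x{a['type']:08x}")
            if a["name"].startswith("TCG/Max Attribute Size"):
                print("   ", decode_max_attr_size(a["value"]))
            elif a["name"] == "IETF/SW Request":
                print("   ", decode_sw_request(a["value"]))
```

The decoded sizes and request ID should match the "maximum attribute size", "maximum segment size" and "issues sw request" log lines above.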
302 | 21 | Andreas Steffen | The first Server DATA batch is sent to the TNC Client |
303 | 1 | Andreas Steffen | <pre> |
304 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection |
305 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working' |
306 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch |
307 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message |
308 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message |
309 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message |
310 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (277 bytes) for Connection ID 1 |
311 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #2 of type 'PB-TNC Batch' (293 bytes) |
312 | 1 | Andreas Steffen | </pre> |
313 | 1 | Andreas Steffen | |
314 | 1 | Andreas Steffen | h2. Receiving IETF SW Identity Inventory Attribute |
315 | 1 | Andreas Steffen | |
316 | 21 | Andreas Steffen | A Client DATA batch has been received |
317 | 1 | Andreas Steffen | <pre> |
318 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #2 of type 'PB-TNC Batch' (131072 bytes) |
319 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (131056 bytes) |
320 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection |
321 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1 |
322 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working' |
323 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (131048 bytes) |
324 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
325 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2 |
326 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: => 131024 bytes @ 0x7ff820090960 |
327 | 21 | Andreas Steffen | 0: 01 00 00 00 AC 4D 42 7A 00 00 55 97 00 00 00 22 .....MBz..U...." |
328 | 1 | Andreas Steffen | 16: 00 00 00 14 00 98 96 80 00 01 FF B8 00 00 55 97 ..............U. |
329 | 1 | Andreas Steffen | 32: 00 00 00 23 00 01 FF B4 C0 00 00 01 00 00 00 00 ...#............ |
330 | 21 | Andreas Steffen | 48: 00 00 00 12 00 02 88 84 00 00 08 01 00 00 00 09 ................ |
331 | 21 | Andreas Steffen | 64: 3B 8A 77 A3 00 00 00 A1 00 00 0A CF 00 00 00 01 ;.w............. |
332 | 21 | Andreas Steffen | 80: 01 00 00 52 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Rstrongswan.o |
333 | 21 | Andreas Steffen | 96: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04 |
334 | 21 | Andreas Steffen | 112: 2D 78 38 36 5F 36 34 2D 61 31 31 79 2D 70 72 6F -x86_64-a11y-pro |
335 | 21 | Andreas Steffen | 128: 66 69 6C 65 2D 6D 61 6E 61 67 65 72 2D 69 6E 64 file-manager-ind |
336 | 21 | Andreas Steffen | 144: 69 63 61 74 6F 72 2D 30 2E 31 2E 31 30 2D 30 75 icator-0.1.10-0u |
337 | 21 | Andreas Steffen | 160: 62 75 6E 74 75 33 00 00 00 00 0A D0 00 00 00 01 buntu3.......... |
338 | 21 | Andreas Steffen | 176: 01 00 00 58 73 74 72 6F 6E 67 73 77 61 6E 2E 6F ...Xstrongswan.o |
339 | 21 | Andreas Steffen | 192: 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 rg__Ubuntu_16.04 |
340 | 21 | Andreas Steffen | 208: 2D 78 38 36 5F 36 34 2D 61 63 63 6F 75 6E 74 2D -x86_64-account- |
341 | 21 | Andreas Steffen | 224: 70 6C 75 67 69 6E 2D 66 61 63 65 62 6F 6F 6B 2D plugin-facebook- |
342 | 21 | Andreas Steffen | 240: 30 2E 31 32 7E 31 36 2E 30 34 2E 32 30 31 36 30 0.12~16.04.20160 |
343 | 21 | Andreas Steffen | 256: 31 32 36 2D 30 75 62 75 6E 74 75 31 00 00 00 00 126-0ubuntu1.... |
344 | 21 | Andreas Steffen | 272: 0A D1 00 00 00 01 01 00 00 56 73 74 72 6F 6E 67 .........Vstrong |
345 | 21 | Andreas Steffen | 288: 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 swan.org__Ubuntu |
346 | 21 | Andreas Steffen | 304: 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 61 63 _16.04-x86_64-ac |
347 | 21 | Andreas Steffen | 320: 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 2D 66 6C 69 count-plugin-fli |
348 | 21 | Andreas Steffen | 336: 63 6B 72 2D 30 2E 31 32 7E 31 36 2E 30 34 2E 32 ckr-0.12~16.04.2 |
349 | 21 | Andreas Steffen | 352: 30 31 36 30 31 32 36 2D 30 75 62 75 6E 74 75 31 0160126-0ubuntu1 |
350 | 21 | Andreas Steffen | 368: 00 00 00 00 0A D2 00 00 00 01 01 00 00 56 73 74 .............Vst |
351 | 21 | Andreas Steffen | 384: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub |
352 | 21 | Andreas Steffen | 400: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6 |
353 | 21 | Andreas Steffen | 416: 34 2D 61 63 63 6F 75 6E 74 2D 70 6C 75 67 69 6E 4-account-plugin |
354 | 21 | Andreas Steffen | 432: 2D 67 6F 6F 67 6C 65 2D 30 2E 31 32 7E 31 36 2E -google-0.12~16. |
355 | 21 | Andreas Steffen | 448: 30 34 2E 32 30 31 36 30 31 32 36 2D 30 75 62 75 04.20160126-0ubu |
356 | 21 | Andreas Steffen | 464: 6E 74 75 31 00 00 00 00 06 2E 00 00 00 01 01 00 ntu1............ |
357 | 1 | Andreas Steffen | ... |
358 | 21 | Andreas Steffen | 130656: 00 00 00 01 01 00 00 4A 73 74 72 6F 6E 67 73 77 .......Jstrongsw |
359 | 21 | Andreas Steffen | 130672: 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 an.org__Ubuntu_1 |
360 | 21 | Andreas Steffen | 130688: 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 6.04-x86_64-prin |
361 | 21 | Andreas Steffen | 130704: 74 65 72 2D 64 72 69 76 65 72 2D 68 70 63 75 70 ter-driver-hpcup |
362 | 21 | Andreas Steffen | 130720: 73 2D 33 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 s-3.16.3~repack0 |
363 | 21 | Andreas Steffen | 130736: 2D 31 00 00 00 00 0E D8 00 00 00 01 01 00 00 43 -1.............C |
364 | 21 | Andreas Steffen | 130752: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__ |
365 | 21 | Andreas Steffen | 130768: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86 |
366 | 21 | Andreas Steffen | 130784: 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 _64-printer-driv |
367 | 21 | Andreas Steffen | 130800: 65 72 2D 6D 69 6E 31 32 78 78 77 2D 30 2E 30 2E er-min12xxw-0.0. |
368 | 21 | Andreas Steffen | 130816: 39 2D 39 00 00 00 00 0E D9 00 00 00 01 01 00 00 9-9............. |
369 | 21 | Andreas Steffen | 130832: 4F 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F Ostrongswan.org_ |
370 | 21 | Andreas Steffen | 130848: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8 |
371 | 21 | Andreas Steffen | 130864: 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 6_64-printer-dri |
372 | 21 | Andreas Steffen | 130880: 76 65 72 2D 70 6E 6D 32 70 70 61 2D 31 2E 31 33 ver-pnm2ppa-1.13 |
373 | 21 | Andreas Steffen | 130896: 7E 6E 6F 6E 64 62 73 2D 30 75 62 75 6E 74 75 35 ~nondbs-0ubuntu5 |
374 | 21 | Andreas Steffen | 130912: 00 00 00 00 0E DA 00 00 00 01 01 00 00 51 73 74 .............Qst |
375 | 21 | Andreas Steffen | 130928: 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 rongswan.org__Ub |
376 | 21 | Andreas Steffen | 130944: 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 untu_16.04-x86_6 |
377 | 21 | Andreas Steffen | 130960: 34 2D 70 72 69 6E 74 65 72 2D 64 72 69 76 65 72 4-printer-driver |
378 | 21 | Andreas Steffen | 130976: 2D 70 6F 73 74 73 63 72 69 70 74 2D 68 70 2D 33 -postscript-hp-3 |
379 | 21 | Andreas Steffen | 130992: 2E 31 36 2E 33 7E 72 65 70 61 63 6B 30 2D 31 00 .16.3~repack0-1. |
380 | 21 | Andreas Steffen | 131008: 00 00 00 0E DB 00 00 00 01 01 00 00 3F 73 74 72 ............?str |
381 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xac4d427a |
382 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022 |
383 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023 |
384 | 15 | Andreas Steffen | </pre> |
385 | 15 | Andreas Steffen | |
386 | 21 | Andreas Steffen | The SWIMA IMC accepted the segmentation contract |
387 | 15 | Andreas Steffen | <pre> |
388 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 received a segmentation contract response from IMC 2 for PA message type 'IETF/Software' 0x000000/0x00000009 |
389 | 1 | Andreas Steffen | maximum attribute size of 10000000 bytes with maximum segment size of 131000 bytes |
390 | 15 | Andreas Steffen | </pre> |
391 | 21 | Andreas Steffen | |
392 | 22 | Andreas Steffen | The first 128k segment of an *IETF / Software* message has been received |
393 | 15 | Andreas Steffen | <pre> |
394 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received first segment for base attribute ID 1 (130980 bytes) |
395 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Identifier Inventory' 0x000000/0x00000012 |
396 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3 bytes insufficient to parse 63 bytes of data |
397 | 15 | Andreas Steffen | </pre> |
398 | 15 | Andreas Steffen | |
399 | 22 | Andreas Steffen | 1646 complete software identifiers including their record ID were received in the first segment, 424 identifiers are to follow |
400 | 1 | Andreas Steffen | <pre> |
401 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 1625 items for request 9 at eid 161 of epoch 0x3b8a77a3, 424 items to follow |
402 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 2767: strongswan.org__Ubuntu_16.04-x86_64-a11y-profile-manager-indicator-0.1.10-0ubuntu3 |
403 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 2768: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-facebook-0.12~16.04.20160126-0ubuntu1 |
404 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 2769: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-flickr-0.12~16.04.20160126-0ubuntu1 |
405 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 2770: strongswan.org__Ubuntu_16.04-x86_64-account-plugin-google-0.12~16.04.20160126-0ubuntu1 |
406 | 21 | Andreas Steffen | ... |
407 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3799: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-hpcups-3.16.3~repack0-1 |
408 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3800: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-min12xxw-0.0.9-9 |
409 | 21 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3801: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pnm2ppa-1.13~nondbs-0ubuntu5 |
410 | 1 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3802: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-postscript-hp-3.16.3~repack0-1 |
411 | 1 | Andreas Steffen | </pre> |
412 | 22 | Andreas Steffen | |
413 | 22 | Andreas Steffen | The SWIMA IMV requests the next segment of the *IETF / Software* message |
414 | 1 | Andreas Steffen | <pre> |
415 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x41ff7fe5 |
416 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'TCG/Next Segment Request' 0x005597/0x00000024 |
417 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff82015ae30 |
418 | 22 | Andreas Steffen | 0: 01 00 00 00 41 FF 7F E5 00 00 55 97 00 00 00 24 ....A.....U....$ |
419 | 1 | Andreas Steffen | 16: 00 00 00 10 00 00 00 01 ........ |
420 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
421 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection |
422 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working' |
423 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch |
424 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message |
425 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (56 bytes) for Connection ID 1 |
426 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #3 of type 'PB-TNC Batch' (72 bytes) |
427 | 1 | Andreas Steffen | </pre> |
428 | 22 | Andreas Steffen | |
429 | 22 | Andreas Steffen | The second and last segment of the *IETF / Software* message has been received |
430 | 1 | Andreas Steffen | <pre> |
431 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received PT-TLS message #3 of type 'PB-TNC Batch' (35112 bytes) |
432 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received TNCCS batch (35096 bytes) |
433 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling inbound connection |
434 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1 |
435 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working' |
436 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing IETF/PB-PA message (35088 bytes) |
437 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
438 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2 |
439 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: => 35064 bytes @ 0x7ff81802afa0 |
440 | 22 | Andreas Steffen | 0: 01 00 00 00 C4 99 91 00 00 00 55 97 00 00 00 23 ..........U....# |
441 | 22 | Andreas Steffen | 16: 00 00 88 F0 00 00 00 01 6F 6E 67 73 77 61 6E 2E ........ongswan. |
442 | 22 | Andreas Steffen | 32: 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 org__Ubuntu_16.0 |
443 | 22 | Andreas Steffen | 48: 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 74 65 72 4-x86_64-printer |
444 | 22 | Andreas Steffen | 64: 2D 64 72 69 76 65 72 2D 70 74 6F 75 63 68 2D 31 -driver-ptouch-1 |
445 | 22 | Andreas Steffen | 80: 2E 34 2D 31 00 00 00 00 0E DC 00 00 00 01 01 00 .4-1............ |
446 | 22 | Andreas Steffen | 96: 00 46 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 .Fstrongswan.org |
447 | 22 | Andreas Steffen | 112: 5F 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 __Ubuntu_16.04-x |
448 | 22 | Andreas Steffen | 128: 38 36 5F 36 34 2D 70 72 69 6E 74 65 72 2D 64 72 86_64-printer-dr |
449 | 22 | Andreas Steffen | 144: 69 76 65 72 2D 70 78 6C 6A 72 2D 31 2E 34 7E 72 iver-pxljr-1.4~r |
450 | 22 | Andreas Steffen | 160: 65 70 61 63 6B 30 2D 34 00 00 00 00 0E DD 00 00 epack0-4........ |
451 | 22 | Andreas Steffen | 176: 00 01 01 00 00 47 73 74 72 6F 6E 67 73 77 61 6E .....Gstrongswan |
452 | 22 | Andreas Steffen | 192: 2E 6F 72 67 5F 5F 55 62 75 6E 74 75 5F 31 36 2E .org__Ubuntu_16. |
453 | 22 | Andreas Steffen | 208: 30 34 2D 78 38 36 5F 36 34 2D 70 72 69 6E 74 65 04-x86_64-printe |
454 | 22 | Andreas Steffen | 224: 72 2D 64 72 69 76 65 72 2D 73 61 67 2D 67 64 69 r-driver-sag-gdi |
455 | 22 | Andreas Steffen | 240: 2D 30 2E 31 2D 34 75 62 75 6E 74 75 31 00 00 00 -0.1-4ubuntu1... |
456 | 22 | Andreas Steffen | 256: 00 0E DE 00 00 00 01 01 00 00 50 73 74 72 6F 6E ..........Pstron |
457 | 22 | Andreas Steffen | 272: 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 6E 74 gswan.org__Ubunt |
458 | 22 | Andreas Steffen | 288: 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 2D 70 u_16.04-x86_64-p |
459 | 22 | Andreas Steffen | 304: 72 69 6E 74 65 72 2D 64 72 69 76 65 72 2D 73 70 rinter-driver-sp |
460 | 22 | Andreas Steffen | 320: 6C 69 78 2D 32 2E 30 2E 30 7E 73 76 6E 33 31 35 lix-2.0.0~svn315 |
461 | 22 | Andreas Steffen | 336: 2D 34 66 61 6B 65 73 79 6E 63 31 00 00 00 00 06 -4fakesync1..... |
462 | 22 | Andreas Steffen | ... |
463 | 22 | Andreas Steffen | 34688: 75 32 00 00 00 00 0F E0 00 00 00 01 01 00 00 43 u2.............C |
464 | 22 | Andreas Steffen | 34704: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__ |
465 | 22 | Andreas Steffen | 34720: 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 Ubuntu_16.04-x86 |
466 | 22 | Andreas Steffen | 34736: 5F 36 34 2D 7A 65 6E 69 74 79 2D 63 6F 6D 6D 6F _64-zenity-commo |
467 | 22 | Andreas Steffen | 34752: 6E 2D 33 2E 31 38 2E 31 2E 31 2D 31 75 62 75 6E n-3.18.1.1-1ubun |
468 | 22 | Andreas Steffen | 34768: 74 75 32 00 00 00 00 0F E1 00 00 00 01 01 00 00 tu2............. |
469 | 22 | Andreas Steffen | 34784: 2E 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F .strongswan.org_ |
470 | 22 | Andreas Steffen | 34800: 5F 55 62 75 6E 74 75 5F 31 36 2E 30 34 2D 78 38 _Ubuntu_16.04-x8 |
471 | 22 | Andreas Steffen | 34816: 36 5F 36 34 2D 7A 69 70 2D 33 2E 30 2D 31 31 00 6_64-zip-3.0-11. |
472 | 22 | Andreas Steffen | 34832: 00 00 00 09 D2 00 00 00 01 01 00 00 42 73 74 72 ............Bstr |
473 | 22 | Andreas Steffen | 34848: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 ongswan.org__Ubu |
474 | 22 | Andreas Steffen | 34864: 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 ntu_16.04-x86_64 |
475 | 22 | Andreas Steffen | 34880: 2D 7A 6C 69 62 31 67 2D 31 7E 31 2E 32 2E 38 2E -zlib1g-1~1.2.8. |
476 | 22 | Andreas Steffen | 34896: 64 66 73 67 2D 32 75 62 75 6E 74 75 34 2E 31 00 dfsg-2ubuntu4.1. |
477 | 22 | Andreas Steffen | 34912: 00 00 00 09 D9 00 00 00 01 01 00 00 46 73 74 72 ............Fstr |
478 | 22 | Andreas Steffen | 34928: 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F 55 62 75 ongswan.org__Ubu |
479 | 22 | Andreas Steffen | 34944: 6E 74 75 5F 31 36 2E 30 34 2D 78 38 36 5F 36 34 ntu_16.04-x86_64 |
480 | 22 | Andreas Steffen | 34960: 2D 7A 6C 69 62 31 67 2D 64 65 76 2D 31 7E 31 2E -zlib1g-dev-1~1. |
481 | 22 | Andreas Steffen | 34976: 32 2E 38 2E 64 66 73 67 2D 32 75 62 75 6E 74 75 2.8.dfsg-2ubuntu |
482 | 22 | Andreas Steffen | 34992: 34 2E 31 00 00 00 00 00 00 00 00 00 01 02 00 00 4.1............. |
483 | 22 | Andreas Steffen | 35008: 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F strongswan.org_ |
484 | 22 | Andreas Steffen | 35024: 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D _strongSwan-5-5- |
485 | 22 | Andreas Steffen | 35040: 33 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74 3../usr/share/st |
486 | 22 | Andreas Steffen | 35056: 72 6F 6E 67 73 77 61 6E rongswan |
487 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC message with ID 0xc4999100 |
488 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: processing PA-TNC attribute type 'TCG/Attribute Segment Envelope' 0x005597/0x00000023 |
489 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received last segment for base attribute ID 1 (35040 bytes) |
490 | 16 | Andreas Steffen | </pre> |
491 | 16 | Andreas Steffen | |
492 | 22 | Andreas Steffen | The remaining software identifiers have been received. The *IETF / Software Identifier Inventory* attribute is complete |
493 | 22 | Andreas Steffen | <pre> |
494 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: received software identity inventory with 424 items for request 9 at eid 161 of epoch 0x3b8a77a3, 0 items to follow |
495 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3803: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-ptouch-1.4-1 |
496 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3804: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-pxljr-1.4~repack0-4 |
497 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3805: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-sag-gdi-0.1-4ubuntu1 |
498 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 3806: strongswan.org__Ubuntu_16.04-x86_64-printer-driver-splix-2.0.0~svn315-4fakesync1 |
499 | 22 | Andreas Steffen | ... |
500 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 4064: strongswan.org__Ubuntu_16.04-x86_64-zenity-common-3.18.1.1-1ubuntu2 |
501 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 4065: strongswan.org__Ubuntu_16.04-x86_64-zip-3.0-11 |
502 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 2514: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-1~1.2.8.dfsg-2ubuntu4.1 |
503 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 2521: strongswan.org__Ubuntu_16.04-x86_64-zlib1g-dev-1~1.2.8.dfsg-2ubuntu4.1 |
504 | 26 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 0: strongswan.org__strongSwan-5-5-3 @ /usr/share/strongswan |
505 | 16 | Andreas Steffen | </pre> |
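The first segment above ends three bytes into the 63-byte identifier of record 3803, which is what the log line "3 bytes insufficient to parse 63 bytes of data" reports. The following is an added example, not strongSwan code, of a receiver that parses records as segments arrive, carries an incomplete record over to the next segment and enforces the negotiated maximum attribute size. The class and function names are hypothetical, the record layout is read off the hex dumps above, the envelope and attribute headers are assumed to be already stripped, and the two sample segments are constructed from identifiers in the log.

```python
import struct

HEADER_LEN = 16    # flags(1) count(3) request ID(4) EID epoch(4) last EID(4)
RECORD_FIXED = 12  # record ID(4) data model PEN(3)+type(1) source ID(1) reserved(1) id length(2)
PREFIX = "strongswan.org__Ubuntu_16.04-x86_64-"


def parse_record(buf, off):
    """Return (record, next offset), or None if the record is not complete yet."""
    if len(buf) - off < RECORD_FIXED:
        return None
    record_id, _model, _source, _rsvd, id_len = struct.unpack_from(">IIBBH", buf, off)
    loc_off = off + RECORD_FIXED + id_len
    if len(buf) < loc_off + 2:          # identifier or locator length still missing
        return None
    (loc_len,) = struct.unpack_from(">H", buf, loc_off)
    end = loc_off + 2 + loc_len
    if len(buf) < end:                  # locator still missing
        return None
    identifier = buf[off + RECORD_FIXED:loc_off].decode("utf-8")
    locator = buf[loc_off + 2:end].decode("utf-8")
    return (record_id, identifier, locator), end


class InventoryReassembler:
    """Hypothetical incremental parser for a segmented SW Identifier Inventory value."""

    def __init__(self, max_attr_size):
        self.max_attr_size = max_attr_size  # limit from the segmentation contract
        self.received = 0
        self.pending = b""                  # tail of a record cut by the segment boundary
        self.header = None
        self.records = []                   # (record ID, identifier, locator)

    def add_segment(self, data, last=False):
        """Consume one segment and return the number of records it completed."""
        self.received += len(data)
        if self.received > self.max_attr_size:
            raise ValueError("attribute larger than the negotiated maximum")
        buf, off = self.pending + data, 0
        if self.header is None and len(buf) >= HEADER_LEN:
            word, request_id, epoch, last_eid = struct.unpack_from(">IIII", buf, 0)
            self.header = {"count": word & 0xFFFFFF, "request_id": request_id,
                           "epoch": epoch, "last_eid": last_eid}
            off = HEADER_LEN
        before = len(self.records)
        while self.header is not None and len(self.records) < self.header["count"]:
            parsed = parse_record(buf, off)
            if parsed is None:
                break
            record, off = parsed
            self.records.append(record)
        self.pending = buf[off:]
        if last and (self.header is None or self.pending
                     or len(self.records) != self.header["count"]):
            raise ValueError("inventory truncated or followed by trailing bytes")
        return len(self.records) - before


def build_record(record_id, source_id, identifier, locator=""):
    """Encode one record (data model PEN 0, type 1, as in the dump)."""
    ident, loc = identifier.encode(), locator.encode()
    return (struct.pack(">IIBBH", record_id, 1, source_id, 0, len(ident)) + ident
            + struct.pack(">H", len(loc)) + loc)


def sample_segments():
    """Constructed input: three records, cut 3 bytes into the second identifier."""
    header = struct.pack(">IIII", 3, 9, 0x3B8A77A3, 161)  # flags 0, count 3
    r1 = build_record(3802, 1, PREFIX + "printer-driver-postscript-hp-3.16.3~repack0-1")
    r2 = build_record(3803, 1, PREFIX + "printer-driver-ptouch-1.4-1")
    r3 = build_record(0, 2, "strongswan.org__strongSwan-5-5-3", "/usr/share/strongswan")
    value = header + r1 + r2 + r3
    cut = len(header) + len(r1) + RECORD_FIXED + 3
    return value[:cut], value[cut:]


def demo():
    first, second = sample_segments()
    reassembler = InventoryReassembler(max_attr_size=10000000)
    done_first = reassembler.add_segment(first)
    carried = len(reassembler.pending)
    done_second = reassembler.add_segment(second, last=True)
    return done_first, carried, done_second, reassembler.records


if __name__ == "__main__":
    print(demo())
```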
506 | 16 | Andreas Steffen | |
507 | 16 | Andreas Steffen | h2. Sending IETF [Targeted] SW Request Attribute |
508 | 16 | Andreas Steffen | |
509 | 22 | Andreas Steffen | All software identifiers are sent to the strongTNC policy manager via a REST-ful interface. The policy manager checks all software identifiers in its database and finds that it does not have a SWID tag for the strongSwan-5.5.3 software |
510 | 16 | Andreas Steffen | <pre> |
511 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'... |
512 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: 1 SWID tag target |
513 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: strongswan.org__strongSwan-5-5-3 |
514 | 16 | Andreas Steffen | </pre> |
515 | 16 | Andreas Steffen | |
516 | 22 | Andreas Steffen | A targeted *IETF / SW Request* attribute is sent in a Server DATA batch |
517 | 16 | Andreas Steffen | <pre> |
518 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC message with ID 0x6d9f210a |
519 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/SW Request' 0x000000/0x00000011 |
520 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: created PA-TNC message: => 66 bytes @ 0x7ff8180036c0 |
521 | 22 | Andreas Steffen | 0: 01 00 00 00 6D 9F 21 0A 00 00 00 00 00 00 00 11 ....m.!......... |
522 | 22 | Andreas Steffen | 16: 00 00 00 3A 00 00 00 01 00 00 00 09 00 00 00 00 ...:............ |
523 | 22 | Andreas Steffen | 32: 00 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 . strongswan.org |
524 | 22 | Andreas Steffen | 48: 5F 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 __strongSwan-5-5 |
525 | 22 | Andreas Steffen | 64: 2D 33 -3 |
526 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
527 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: TNC server is handling outbound connection |
528 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Client Working' |
529 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: creating PB-TNC SDATA batch |
530 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: adding IETF/PB-PA message |
531 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending PB-TNC SDATA batch (98 bytes) for Connection ID 1 |
532 | 22 | Andreas Steffen | Jun 22 12:34:57 koala charon-systemd[12088]: sending PT-TLS message #4 of type 'PB-TNC Batch' (114 bytes) |
533 | 16 | Andreas Steffen | </pre> |
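The two short server-created messages dumped above (the 24-byte Next Segment Request and the 66-byte targeted SW Request) can be decoded field by field. This added example, which is not strongSwan code, does so with a length check on every field; the function names are hypothetical, the byte strings are copied from the dumps, and the value layouts are the ones visible in those dumps.

```python
import struct

PA_TNC_HEADER_LEN = 8   # version(1) reserved(3) message identifier(4)
ATTR_HEADER_LEN = 12    # flags(1) vendor ID(3) type(4) length(4), length includes this header

# Bytes copied from the "created PA-TNC message" dumps above.
NEXT_SEGMENT_REQUEST = bytes.fromhex(
    "01 00 00 00 41 FF 7F E5 00 00 55 97 00 00 00 24 "
    "00 00 00 10 00 00 00 01")
SW_REQUEST = bytes.fromhex(
    "01 00 00 00 6D 9F 21 0A 00 00 00 00 00 00 00 11 "
    "00 00 00 3A 00 00 00 01 00 00 00 09 00 00 00 00 "
    "00 20 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 "
    "5F 5F 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 "
    "2D 33")


def parse_pa_tnc(msg):
    """Return (message ID, [(vendor ID, type, flags, value), ...])."""
    if len(msg) < PA_TNC_HEADER_LEN:
        raise ValueError("short PA-TNC header")
    if msg[0] != 1:
        raise ValueError("unsupported PA-TNC version")
    (msg_id,) = struct.unpack_from(">I", msg, 4)
    attrs, off = [], PA_TNC_HEADER_LEN
    while off < len(msg):
        if len(msg) - off < ATTR_HEADER_LEN:
            raise ValueError("short attribute header")
        flags = msg[off]
        vendor = int.from_bytes(msg[off + 1:off + 4], "big")
        attr_type, length = struct.unpack_from(">II", msg, off + 4)
        # The declared length must cover the header and stay inside the message.
        if length < ATTR_HEADER_LEN or length > len(msg) - off:
            raise ValueError("attribute length out of bounds")
        attrs.append((vendor, attr_type, flags, msg[off + ATTR_HEADER_LEN:off + length]))
        off += length
    return msg_id, attrs


def decode_next_segment_request(value):
    """Value layout in the dump: flags(1) base attribute ID(3)."""
    if len(value) != 4:
        raise ValueError("bad Next Segment Request length")
    return value[0], int.from_bytes(value[1:4], "big")


def decode_sw_request(value):
    """Value layout in the dump: flags(1) count(3) request ID(4) earliest EID(4),
    then count times identifier length(2) + identifier."""
    if len(value) < 12:
        raise ValueError("short SW Request")
    word, request_id, earliest_eid = struct.unpack_from(">III", value, 0)
    targets, off = [], 12
    for _ in range(word & 0xFFFFFF):
        if len(value) - off < 2:
            raise ValueError("identifier length missing")
        (id_len,) = struct.unpack_from(">H", value, off)
        off += 2
        if len(value) - off < id_len:
            raise ValueError("identifier overruns attribute")
        targets.append(value[off:off + id_len].decode("utf-8"))
        off += id_len
    if off != len(value):
        raise ValueError("trailing bytes after last identifier")
    return {"flags": word >> 24, "request_id": request_id,
            "earliest_eid": earliest_eid, "targets": targets}


if __name__ == "__main__":
    for raw in (NEXT_SEGMENT_REQUEST, SW_REQUEST):
        msg_id, attrs = parse_pa_tnc(raw)
        for vendor, attr_type, flags, value in attrs:
            print(hex(msg_id), hex(vendor), hex(attr_type), len(value))
    print(decode_sw_request(parse_pa_tnc(SW_REQUEST)[1][0][3]))
```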
534 | 16 | Andreas Steffen | |
535 | 16 | Andreas Steffen | h2. Receiving IETF SW Inventory Attribute |
536 | 16 | Andreas Steffen | |
537 | 16 | Andreas Steffen | <pre> |
538 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #4 of type 'PB-TNC Batch' (508 bytes) |
539 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (492 bytes) |
540 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection |
541 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CDATA batch for Connection ID 1 |
542 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Client Working' to 'Server Working' |
543 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: processing IETF/PB-PA message (484 bytes) |
544 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: handling PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
545 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" received message for Connection ID 1 from IMC 2 to IMV 2 |
546 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: => 460 bytes @ 0x7ff83c003ef0 |
547 | 22 | Andreas Steffen | 0: 01 00 00 00 9A 73 D4 63 00 00 00 00 00 00 00 14 .....s.c........ |
548 | 22 | Andreas Steffen | 16: 00 00 01 C4 00 00 00 01 00 00 00 09 11 22 33 44 ............."3D |
549 | 22 | Andreas Steffen | 32: 00 00 00 01 00 00 00 00 00 00 00 01 02 00 00 20 ............... |
550 | 22 | Andreas Steffen | 48: 73 74 72 6F 6E 67 73 77 61 6E 2E 6F 72 67 5F 5F strongswan.org__ |
551 | 22 | Andreas Steffen | 64: 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 2D 33 strongSwan-5-5-3 |
552 | 22 | Andreas Steffen | 80: 00 15 2F 75 73 72 2F 73 68 61 72 65 2F 73 74 72 ../usr/share/str |
553 | 22 | Andreas Steffen | 96: 6F 6E 67 73 77 61 6E 00 00 01 61 3C 3F 78 6D 6C ongswan...a<?xml |
554 | 22 | Andreas Steffen | 112: 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 version="1.0" e |
555 | 22 | Andreas Steffen | 128: 6E 63 6F 64 69 6E 67 3D 22 75 74 66 2D 38 22 3F ncoding="utf-8"? |
556 | 22 | Andreas Steffen | 144: 3E 0A 0A 3C 53 6F 66 74 77 61 72 65 49 64 65 6E >..<SoftwareIden |
557 | 22 | Andreas Steffen | 160: 74 69 74 79 0A 20 20 6E 61 6D 65 3D 22 73 74 72 tity. name="str |
558 | 22 | Andreas Steffen | 176: 6F 6E 67 53 77 61 6E 22 0A 20 20 74 61 67 49 64 ongSwan". tagId |
559 | 22 | Andreas Steffen | 192: 3D 22 73 74 72 6F 6E 67 53 77 61 6E 2D 35 2D 35 ="strongSwan-5-5 |
560 | 22 | Andreas Steffen | 208: 2D 33 22 0A 20 20 76 65 72 73 69 6F 6E 3D 22 35 -3". version="5 |
561 | 22 | Andreas Steffen | 224: 2E 35 2E 33 22 20 76 65 72 73 69 6F 6E 53 63 68 .5.3" versionSch |
562 | 22 | Andreas Steffen | 240: 65 6D 65 3D 22 61 6C 70 68 61 6E 75 6D 65 72 69 eme="alphanumeri |
563 | 22 | Andreas Steffen | 256: 63 22 0A 20 20 78 6D 6C 6E 73 3D 22 68 74 74 70 c". xmlns="http |
564 | 22 | Andreas Steffen | 272: 3A 2F 2F 73 74 61 6E 64 61 72 64 73 2E 69 73 6F ://standards.iso |
565 | 22 | Andreas Steffen | 288: 2E 6F 72 67 2F 69 73 6F 2F 31 39 37 37 30 2F 2D .org/iso/19770/- |
566 | 22 | Andreas Steffen | 304: 32 2F 32 30 31 35 2F 73 63 68 65 6D 61 2E 78 73 2/2015/schema.xs |
567 | 22 | Andreas Steffen | 320: 64 22 3E 0A 20 20 3C 45 6E 74 69 74 79 0A 20 20 d">. <Entity. |
568 | 22 | Andreas Steffen | 336: 20 20 6E 61 6D 65 3D 22 73 74 72 6F 6E 67 53 77 name="strongSw |
569 | 22 | Andreas Steffen | 352: 61 6E 20 50 72 6F 6A 65 63 74 22 0A 20 20 20 20 an Project". |
570 | 22 | Andreas Steffen | 368: 72 65 67 69 64 3D 22 73 74 72 6F 6E 67 73 77 61 regid="strongswa |
571 | 22 | Andreas Steffen | 384: 6E 2E 6F 72 67 22 0A 20 20 20 20 72 6F 6C 65 3D n.org". role= |
572 | 22 | Andreas Steffen | 400: 22 73 6F 66 74 77 61 72 65 43 72 65 61 74 6F 72 "softwareCreator |
573 | 22 | Andreas Steffen | 416: 20 6C 69 63 65 6E 73 6F 72 20 74 61 67 43 72 65 licensor tagCre |
574 | 22 | Andreas Steffen | 432: 61 74 6F 72 22 2F 3E 0A 3C 2F 53 6F 66 74 77 61 ator"/>.</Softwa |
575 | 22 | Andreas Steffen | 448: 72 65 49 64 65 6E 74 69 74 79 3E 0A reIdentity>. |
576 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC message with ID 0x9a73d463 |
577 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: processing PA-TNC attribute type 'IETF/SW Inventory' 0x000000/0x00000014 |
578 | 24 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: received software inventory with 1 item for request 9 at eid 161 of epoch 0x3b8a77a3, 0 items to follow |
579 | 1 | Andreas Steffen | </pre> |
580 | 1 | Andreas Steffen | |
581 | 22 | Andreas Steffen | The XML-encoded ISO/IEC 19770-2:2015 SWID tag for the strongSwan-5-5-3 software |
582 | 1 | Andreas Steffen | <pre> |
583 | 23 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: <?xml version="1.0" encoding="utf-8"?> |
584 | 16 | Andreas Steffen | <SoftwareIdentity |
585 | 22 | Andreas Steffen | name="strongSwan" |
586 | 22 | Andreas Steffen | tagId="strongSwan-5-5-3" |
587 | 22 | Andreas Steffen | version="5.5.3" versionScheme="alphanumeric" |
588 | 22 | Andreas Steffen | xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> |
589 | 22 | Andreas Steffen | <Entity |
590 | 22 | Andreas Steffen | name="strongSwan Project" |
591 | 22 | Andreas Steffen | regid="strongswan.org" |
592 | 22 | Andreas Steffen | role="softwareCreator licensor tagCreator"/> |
593 | 16 | Andreas Steffen | </SoftwareIdentity> |
594 | 16 | Andreas Steffen | </pre> |
595 | 16 | Andreas Steffen | |
596 | 22 | Andreas Steffen | The SWID tag is uploaded to the strongTNC policy manager via the REST-ful API. Then the complete software identifier inventory is reposted |
597 | 22 | Andreas Steffen | <pre> |
598 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/swid/add-tags/'... |
599 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: sending request to 'https://admin-user:xxxxxxxxxx!@tnc.strongswan.org/api/sessions/2/swid-measurement/'... |
600 | 22 | Andreas Steffen | |
601 | 22 | Andreas Steffen | </pre> |
602 | 22 | Andreas Steffen | |
603 | 16 | Andreas Steffen | h2. Terminating PT-TLS Client Connection |
604 | 16 | Andreas Steffen | |
605 | 22 | Andreas Steffen | The PT-TLS client session is terminated |
606 | 16 | Andreas Steffen | <pre> |
607 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 handled SWIDT workitem 9: allow - received inventory of 2049 SWID tag IDs and 1 SWID tag |
608 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC message with ID 0xf63cbcf4 |
609 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009 |
610 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: created PA-TNC message: => 24 bytes @ 0x7ff83c000f50 |
611 | 22 | Andreas Steffen | 0: 01 00 00 00 F6 3C BC F4 00 00 00 00 00 00 00 09 .....<.......... |
612 | 16 | Andreas Steffen | 16: 00 00 00 10 00 00 00 00 ........ |
613 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-PA message type 'IETF/Software' 0x000000/0x00000009 |
614 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 provides recommendation 'allow' and evaluation 'compliant' |
615 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling outbound connection |
616 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: running policy script: 2>&1 ipsec imv_policy_manager stop 2 |
617 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: policy: recommendation for access requestor 46.126.238.39 is allow |
618 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: policy: imv_policy_manager stop successful |
619 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" changed state of Connection ID 1 to 'Allowed' |
620 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" changed state of Connection ID 1 to 'Allowed' |
621 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Server Working' to 'Decided' |
622 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: creating PB-TNC RESULT batch |
623 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-PA message |
624 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Assessment-Result message |
625 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: adding IETF/PB-Access-Recommendation message |
626 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: sending PB-TNC RESULT batch (88 bytes) for Connection ID 1 |
627 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: sending PT-TLS message #5 of type 'PB-TNC Batch' (104 bytes) |
628 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: received PT-TLS message #5 of type 'PB-TNC Batch' (24 bytes) |
629 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: received TNCCS batch (8 bytes) |
630 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: TNC server is handling inbound connection |
631 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: processing PB-TNC CLOSE batch for Connection ID 1 |
632 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: PB-TNC state transition from 'Decided' to 'End' |
633 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: final recommendation is 'allow' and evaluation is 'compliant' |
634 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: PT-TLS connection terminates |
635 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 1 "OS" deleted the state of Connection ID 1 |
636 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: IMV 2 "SWIMA" deleted the state of Connection ID 1 |
637 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: removed TNCCS Connection ID 1 |
638 | 22 | Andreas Steffen | Jun 22 12:34:58 koala charon-systemd[12088]: sending TLS close notify |
639 | 1 | Andreas Steffen | </pre> |
640 | 1 | Andreas Steffen | |
641 | 1 | Andreas Steffen | h2. Stopping PT-TLS Daemon |
642 | 1 | Andreas Steffen | |
643 | 1 | Andreas Steffen | The strongSwan PT-TLS server daemon can be stopped using the following systemd command |
644 | 1 | Andreas Steffen | <pre> |
645 | 1 | Andreas Steffen | systemctl stop strongswan-swanctl |
646 | 1 | Andreas Steffen | </pre> |
647 | 1 | Andreas Steffen | |
648 | 1 | Andreas Steffen | <pre> |
649 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: SIGTERM received, shutting down |
650 | 22 | Andreas Steffen | Jun 22 14:11:43 koala systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl... |
651 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: IMV 2 "SWIMA" terminated |
652 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: IMV 1 "OS" terminated |
653 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: removed IETF attributes |
654 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: removed ITA-HSR attributes |
655 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: removed PWG attributes |
656 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: removed TCG attributes |
657 | 22 | Andreas Steffen | Jun 22 14:11:43 koala charon-systemd[12088]: libimcv terminated |
658 | 22 | Andreas Steffen | Jun 22 14:11:43 koala systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl. |
659 | 1 | Andreas Steffen | </pre> |