sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License
388 stars 101 forks source link

Client-side BEV_EVENT_ERROR #38

Open swiftbird07 opened 2 years ago

swiftbird07 commented 2 years ago

Hello, I have the following setup that works:

10.2.0.0 (Ubuntu Host) <-> 10.24.0.28 (SSLProxy) <-> 10.24.0.1 PfSense FW <-> 192.168.178.1 FritzBox Router/Modem (Outside physical Server) <-> actual WAN

(10.0.0.0/8 is one network where everyone reaches one another)

but the following setup does not work and produces Client-side BEV_EVENT_ERROR with no result on the client besides an error message in the browser ("No secure connection possible"):

192.168.178.78 (Linux Mint Laptop) <-> 10.24.0.1 (PfSense FW [with NAT Rule triggering on source 192.168.178.78 and destination port 443 redirecting to SSLProxy Server]) <-> 10.24.0.28 (SSLProxy) <-> 10.24.0.1 PfSense FW <-> 192.168.178.1 FritzBox Router/Modem (Outside physical Server) <-> actual WAN

I also did install my 'myCA.pem' public certificate on the laptop.

I know it is likely that the problem is within networking and not SSLProxy itself, but there are also errors produced running make test so I thought I make an issue here. Also I really don't know what I cloud have made wrong at which point so any suggestion what I should change would be really appreciated.

For bug reports, please supply:

ProcySpec.conf:

ProxySpec {
    Proto autossl
    Addr 0.0.0.0       
    Port 8443        

    Divert no

    Passthrough yes #(Tried with and without with same result)

    CACert myCA.pem
    CAKey myCA.key    

    MinSSLProto tls10
    VerifyPeer yes
    UserAuth no

    Split from * to * log pcap

}
sonertari commented 2 years ago

Can you enable the DEBUG_PROXY (and perhaps also DEBUG_OPTS) feature switch(es) in Mk/make.mk, build sslproxy again, and then start sslproxy with the -D4 option to obtain verbose debug logs? The verbose debug logs should tell you the reason for the Client-side BEV_EVENT_ERROR error you get. You can post those logs here if you like.

Unit tests fail because it cannot find the check package installed. Please install it first. But that seems irrelevant to the actual issue.

swiftbird07 commented 2 years ago

Ok did that (Client is now at 10.26.0.3):

root@pHellcat2:~/SSLproxy# sslproxy -X traffic3.pcap -f ProxySpec.conf -D4
Enter PEM pass phrase:
DebugLevel: 4
SSLproxy v0.9.2-3-g3dea854-dirty (built 2022-02-18)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DDEBUG_OPTS -DDEBUG_PROXY -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
1 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
proxyspecs:
- listen=[10.24.0.28]:8443 tcp|autossl netfilter
return addr= [127.0.0.1]:0
opts= conn opts: negotiate>=tls10<=tls13|passthrough|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
split||
filter rule 0: dstip=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: sni=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: cn=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: host=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: uri=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter=>
userdesc_filter_exact->
userdesc_filter_substring->
user_filter_exact->
user_filter_substring->
desc_filter_exact->
desc_filter_substring->
user_filter_all->
ip_filter_exact->
ip_filter_substring->
filter_all->
    ip all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    sni all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    cn all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    host all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    uri all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)

No Global CA loaded.
Loaded ProxySpec CA: '/C=DE/ST=Saxony Anhalt/L=Magdeburg/O=Swift-Bird Proxy CA/OU=CDC/CN=Swift-Bird Proxy/emailAddress=invalid@example.com'
SSL/TLS leaf certificates taken from:
- Global connection drop
Privsep fastpath disabled
Created self-pipe [r=4,w=5]
Created chld-pipe [r=6,w=7]
Created socketpair 0 [p=8,c=9]
Created socketpair 1 [p=10,c=11]
Created socketpair 2 [p=12,c=13]
Created socketpair 3 [p=14,c=15]
Created socketpair 4 [p=16,c=17]
Created socketpair 5 [p=18,c=19]
Privsep parent pid 1058
Privsep child pid 1060
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
[FINEST] proxy_listener_setup: ENTER
Received privsep req type 03 sz 9 on srvsock 8
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 18
Inserted events:
  0x556c25038908 [fd  5] Read Persist Internal
  0x556c25038ae0 [fd  7] Read Persist Internal
  0x556c25038d48 [fd  8] Read Persist
  0x556c25037c90 [sig 1] Signal Persist
  0x556c2500b2a0 [sig 2] Signal Persist
  0x556c250380e0 [sig 3] Signal Persist
  0x556c25037fc0 [sig 10] Signal Persist
  0x556c25037b70 [sig 13] Signal Persist
  0x556c250376f0 [sig 15] Signal Persist
  0x556c2500c560 [fd  -1] Persist Timeout=1645221532.666181
Active events:
Initialized 2 connection handling threads
Started 2 connection handling threads
Starting main event loop.
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.0 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.0 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.0 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.0 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=21, reserve=10
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49629
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.0 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49629, 10.24.0.28:443
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49629, 10.24.0.28:443
[FINE] [0.0 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.0 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.0 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.0 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.0 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.0 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.0 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.1 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.1 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.1 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.1 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=22, reserve=10
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49630
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.1 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49630, 10.24.0.28:443
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49630, 10.24.0.28:443
[FINE] [0.1 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.1 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.1 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.1 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.1 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.1 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.1 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.2 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.2 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.2 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.2 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=23, reserve=10
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49631
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.2 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49631, 10.24.0.28:443
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49631, 10.24.0.28:443
[FINE] [0.2 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.2 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.2 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.2 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.2 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.2 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.2 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.3 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.3 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.3 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.3 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=24, reserve=10
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49632
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.3 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49632, 10.24.0.28:443
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49632, 10.24.0.28:443
[FINE] [0.3 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.3 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.3 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.3 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.3 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.3 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.3 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.4 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.4 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.4 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.4 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=25, reserve=10
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49633
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.4 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49633, 10.24.0.28:443
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49633, 10.24.0.28:443
[FINE] [0.4 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.4 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.4 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.4 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.4 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.4 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.4 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.5 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.5 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.5 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.5 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=26, reserve=10
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49634
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.5 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49634, 10.24.0.28:443
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49634, 10.24.0.28:443
[FINE] [0.5 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.5 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.5 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.5 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.5 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.5 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.5 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] pxy_thr_timer_cb: thr=0, load=0, to=0
[FINEST] pxy_thr_timer_cb: thr=1, load=0, to=0
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.6 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.6 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.6 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.6 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=27, reserve=10
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49638
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.6 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49638, 10.24.0.28:443
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49638, 10.24.0.28:443
[FINE] [0.6 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.6 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.6 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.6 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.6 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.6 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.6 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.6 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.7 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.7 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.7 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.7 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=28, reserve=10
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49639
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.7 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49639, 10.24.0.28:443
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49639, 10.24.0.28:443
[FINE] [0.7 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.7 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.7 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.7 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.7 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.7 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.7 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.7 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.8 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.8 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.8 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.8 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=29, reserve=10
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49640
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.8 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49640, 10.24.0.28:443
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49640, 10.24.0.28:443
[FINE] [0.8 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.8 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.8 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.8 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.8 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.8 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.8 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.8 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.9 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.9 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.9 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.9 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=30, reserve=10
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:50677
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.9 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:50677, 10.24.0.28:443
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:50677, 10.24.0.28:443
[FINE] [0.9 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.9 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.9 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.9 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.9 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.9 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.9 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.9 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.10 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.10 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.10 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.10 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=31, reserve=10
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49641
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.10 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49641, 10.24.0.28:443
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49641, 10.24.0.28:443
[FINE] [0.10 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.10 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.10 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.10 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.10 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.10 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.10 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.10 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.11 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.11 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.11 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.11 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=32, reserve=10
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49642
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.11 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49642, 10.24.0.28:443
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49642, 10.24.0.28:443
[FINE] [0.11 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.11 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.11 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.11 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.11 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.11 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.11 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.11 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.12 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.12 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.12 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.12 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=33, reserve=10
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49643
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.12 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49643, 10.24.0.28:443
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49643, 10.24.0.28:443
[FINE] [0.12 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.12 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.12 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.12 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.12 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.12 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.12 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.12 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.13 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.13 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.13 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.13 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=34, reserve=10
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49644
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.13 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49644, 10.24.0.28:443
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49644, 10.24.0.28:443
[FINE] [0.13 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.13 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.13 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.13 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.13 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.13 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.13 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.13 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.14 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.14 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.14 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.14 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=35, reserve=10
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49645
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.14 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49645, 10.24.0.28:443
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49645, 10.24.0.28:443
[FINE] [0.14 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.14 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.14 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.14 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.14 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.14 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.14 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.14 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.15 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.15 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.15 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.15 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.15 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=36, reserve=10
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49646
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.15 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49646, 10.24.0.28:443
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49646, 10.24.0.28:443
[FINE] [0.15 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.15 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.15 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.15 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.15 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.15 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.15 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.15 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.15 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.15 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.16 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.16 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.16 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.16 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.16 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=37, reserve=10
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49648
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.16 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49648, 10.24.0.28:443
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49648, 10.24.0.28:443
[FINE] [0.16 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.16 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.16 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.16 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.16 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.16 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.16 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.16 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.16 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.16 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.17 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.17 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.17 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.17 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.17 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=38, reserve=10
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49649
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.17 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49649, 10.24.0.28:443
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49649, 10.24.0.28:443
[FINE] [0.17 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.17 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.17 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.17 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.17 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.17 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.17 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.17 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.17 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.17 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.18 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.18 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.18 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.18 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.18 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=39, reserve=10
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49650
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.18 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49650, 10.24.0.28:443
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49650, 10.24.0.28:443
[FINE] [0.18 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.18 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.18 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.18 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.18 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.18 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.18 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.18 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.18 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.18 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
^CReceived signal 2
Main event loop stopped (reason=2).
[FINEST] main: EXIT closing privsep clisock=9
Received privsep req type 00 sz 1 on srvsock 8
Received privsep req type 00 sz 1 on srvsock 16
Child pid 1060 exited with status 0
root@pHellcat2:~/SSLproxy# sslproxy -X traffic3.pcap -f ProxySpec.conf -D4
Enter PEM pass phrase:
DebugLevel: 4
SSLproxy v0.9.2-3-g3dea854-dirty (built 2022-02-18)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DDEBUG_OPTS -DDEBUG_PROXY -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
1 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
proxyspecs:
- listen=[10.24.0.28]:8443 tcp|autossl netfilter
return addr= [127.0.0.1]:0
opts= conn opts: negotiate>=tls10<=tls13|passthrough|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
split||
filter rule 0: dstip=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: sni=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: cn=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: host=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: uri=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter=>
userdesc_filter_exact->
userdesc_filter_substring->
user_filter_exact->
user_filter_substring->
desc_filter_exact->
desc_filter_substring->
user_filter_all->
ip_filter_exact->
ip_filter_substring->
filter_all->
    ip all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    sni all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    cn all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    host all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    uri all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)

No Global CA loaded.
Loaded ProxySpec CA: '/C=DE/ST=Saxony Anhalt/L=Magdeburg/O=Swift-Bird Proxy CA/OU=CDC/CN=Swift-Bird Proxy/emailAddress=invalid@example.com'
SSL/TLS leaf certificates taken from:
- Global connection drop
Privsep fastpath disabled
Created self-pipe [r=4,w=5]
Created chld-pipe [r=6,w=7]
Created socketpair 0 [p=8,c=9]
Created socketpair 1 [p=10,c=11]
Created socketpair 2 [p=12,c=13]
Created socketpair 3 [p=14,c=15]
Created socketpair 4 [p=16,c=17]
Created socketpair 5 [p=18,c=19]
Privsep parent pid 1065
Privsep child pid 1067
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
[FINEST] proxy_listener_setup: ENTER
Received privsep req type 03 sz 9 on srvsock 8
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 18
Inserted events:
  0x555efec76908 [fd  5] Read Persist Internal
  0x555efec76ae0 [fd  7] Read Persist Internal
  0x555efec4a568 [fd  8] Read Persist
  0x555efec75c90 [sig 1] Signal Persist
  0x555efec492a0 [sig 2] Signal Persist
  0x555efec747a0 [sig 3] Signal Persist
  0x555efec760e0 [sig 10] Signal Persist
  0x555efec75e30 [sig 13] Signal Persist
  0x555efec759c0 [sig 15] Signal Persist
  0x555efec77340 [fd  -1] Persist Timeout=1645221620.036233
Active events:
Initialized 2 connection handling threads
Started 2 connection handling threads
Starting main event loop.
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.0 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.0 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.0 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.0 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=21, reserve=10
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49729
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.0 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49729, 10.24.0.28:443
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49729, 10.24.0.28:443
[FINE] [0.0 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.0 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.0 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.0 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.0 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.0 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.0 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.1 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.1 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.1 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.1 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=22, reserve=10
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49730
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.1 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49730, 10.24.0.28:443
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49730, 10.24.0.28:443
[FINE] [0.1 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.1 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.1 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.1 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.1 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.1 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.1 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.2 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.2 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.2 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.2 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=23, reserve=10
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49731
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.2 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49731, 10.24.0.28:443
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49731, 10.24.0.28:443
[FINE] [0.2 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.2 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.2 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.2 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.2 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.2 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.2 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] pxy_thr_timer_cb: thr=0, load=0, to=0
[FINEST] pxy_thr_timer_cb: thr=1, load=0, to=0
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.3 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.3 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.3 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.3 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=24, reserve=10
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49732
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.3 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49732, 10.24.0.28:443
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49732, 10.24.0.28:443
[FINE] [0.3 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.3 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.3 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.3 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.3 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.3 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.3 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.4 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.4 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.4 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.4 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=25, reserve=10
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49733
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.4 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49733, 10.24.0.28:443
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49733, 10.24.0.28:443
[FINE] [0.4 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.4 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.4 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.4 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.4 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.4 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.4 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.5 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.5 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.5 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.5 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=26, reserve=10
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49734
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.5 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49734, 10.24.0.28:443
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49734, 10.24.0.28:443
[FINE] [0.5 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.5 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.5 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.5 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.5 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.5 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.5 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.6 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.6 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.6 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.6 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=27, reserve=10
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49735
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.6 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49735, 10.24.0.28:443
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49735, 10.24.0.28:443
[FINE] [0.6 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.6 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.6 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.6 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.6 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.6 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.6 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.6 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.6 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.7 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.7 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.7 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.7 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=28, reserve=10
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49736
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.7 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49736, 10.24.0.28:443
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49736, 10.24.0.28:443
[FINE] [0.7 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.7 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.7 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.7 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.7 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.7 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.7 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.7 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.7 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.8 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.8 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.8 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.8 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=29, reserve=10
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49737
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.8 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49737, 10.24.0.28:443
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49737, 10.24.0.28:443
[FINE] [0.8 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.8 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.8 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.8 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.8 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.8 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.8 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.8 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.8 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.9 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.9 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.9 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.9 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=30, reserve=10
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49738
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.9 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49738, 10.24.0.28:443
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49738, 10.24.0.28:443
[FINE] [0.9 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.9 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.9 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.9 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.9 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.9 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.9 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.9 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.9 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.10 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.10 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.10 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.10 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=31, reserve=10
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49739
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.10 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49739, 10.24.0.28:443
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49739, 10.24.0.28:443
[FINE] [0.10 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.10 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.10 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.10 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.10 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.10 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.10 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.10 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.10 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.11 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.11 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.11 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.11 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=32, reserve=10
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49740
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.11 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49740, 10.24.0.28:443
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49740, 10.24.0.28:443
[FINE] [0.11 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.11 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.11 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.11 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.11 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.11 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.11 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.11 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.11 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.12 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.12 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.12 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.12 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=33, reserve=10
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49741
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.12 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49741, 10.24.0.28:443
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49741, 10.24.0.28:443
[FINE] [0.12 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.12 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.12 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.12 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.12 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.12 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.12 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.12 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.12 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.13 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.13 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.13 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.13 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=34, reserve=10
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49742
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.13 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49742, 10.24.0.28:443
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49742, 10.24.0.28:443
[FINE] [0.13 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.13 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.13 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.13 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.13 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.13 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.13 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.13 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.13 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.14 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.14 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.14 fd=19 cfd=0] prototcp_init_conn: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.14 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=35, reserve=10
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:49743
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.14 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:49743, 10.24.0.28:443
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:49743, 10.24.0.28:443
[FINE] [0.14 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.14 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.14 fd=19 cfd=0] protoautossl_conn_connect: ENTER
[FINEST] [0.14 fd=19 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
Client-side BEV_EVENT_ERROR
[FINE] [0.14 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: ENTER
[FINE] [0.14 fd=19 cfd=0] prototcp_bev_eventcb_error_srvdst: !ctx->connected
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.14 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.14 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.14 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
sonertari commented 2 years ago

Now I have noticed that you are trying to use an autossl proxyspec with HTTP. In SSLproxy, the use case for autossl is STARTTLS with SMTP and POP3 servers. I have never used autossl with HTTP, and honestly I don't know much about it (if any HTTP server supports STARTTLS).

So, if you change the Proto option in your conf file to http or https, I think the connection will succeed.

Btw, the verbose logs you have provided do not report any reason for the Client-side BEV_EVENT_ERROR error, because I think the proto is autossl. If it is an ssl connection, sslproxy is supposed to report the SSL error.

swiftbird07 commented 2 years ago

Ok I changed the Proto to https but it still does not succeeded :/ Here is the log if I try to connect https://de.wikipedia.org:

root@pHellcat2:~/SSLproxy# sslproxy -X traffic4.pcap -f ProxySpec.conf -D4
Enter PEM pass phrase:
DebugLevel: 4
SSLproxy v0.9.2-3-g3dea854-dirty (built 2022-02-18)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DDEBUG_OPTS -DDEBUG_PROXY -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
1 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
proxyspecs:
- listen=[10.24.0.28]:8443 ssl|http netfilter
return addr= [127.0.0.1]:0
opts= conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
split||
filter rule 0: dstip=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: sni=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: cn=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: host=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter rule 0: uri=, dstport=, srcip=, user=, desc=, exact=||||, all=conns||sites|, action=|split|||, log=||||pcap|, precedence=1, line=55
filter=>
userdesc_filter_exact->
userdesc_filter_substring->
user_filter_exact->
user_filter_substring->
desc_filter_exact->
desc_filter_substring->
user_filter_all->
ip_filter_exact->
ip_filter_substring->
filter_all->
    ip all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    sni all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    cn all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    host all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)
    uri all:
      0:  (all_sites, substring, action=|split|||, log=||||pcap|, precedence=1, line=55)

No Global CA loaded.
Loaded ProxySpec CA: '/C=DE/ST=Saxony Anhalt/L=Magdeburg/O=Swift-Bird Proxy CA/OU=CDC/CN=Swift-Bird Proxy/emailAddress=invalid@example.com'
SSL/TLS leaf certificates taken from:
- Global connection drop
Privsep fastpath disabled
Created self-pipe [r=4,w=5]
Created chld-pipe [r=6,w=7]
Created socketpair 0 [p=8,c=9]
Created socketpair 1 [p=10,c=11]
Created socketpair 2 [p=12,c=13]
Created socketpair 3 [p=14,c=15]
Created socketpair 4 [p=16,c=17]
Created socketpair 5 [p=18,c=19]
Privsep parent pid 1548
Privsep child pid 1550
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
[FINEST] proxy_listener_setup: ENTER
Received privsep req type 03 sz 9 on srvsock 8
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 18
Inserted events:
  0x56147b0c4908 [fd  5] Read Persist Internal
  0x56147b0c4ae0 [fd  7] Read Persist Internal
  0x56147b0c4d48 [fd  8] Read Persist
  0x56147b0c3c90 [sig 1] Signal Persist
  0x56147b0972a0 [sig 2] Signal Persist
  0x56147b0c27a0 [sig 3] Signal Persist
  0x56147b0c3f30 [sig 10] Signal Persist
  0x56147b0c40e0 [sig 13] Signal Persist
  0x56147b0c36f0 [sig 15] Signal Persist
  0x56147b0c53a0 [fd  -1] Persist Timeout=1645302679.645689
Active events:
Initialized 2 connection handling threads
Started 2 connection handling threads
Starting main event loop.
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.0 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.0 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.0 fd=19 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.0 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=21, reserve=10
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:62417
[FINEST] [0.0 fd=19 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [de.wikipedia.org] [complete], fd=19
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.0 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:62417, 10.24.0.28:443
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:62417, 10.24.0.28:443
[FINE] [0.0 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.0 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.0 fd=19 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.0 fd=19 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.0 fd=19 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
EOF on outbound connection before connection establishment
[FINE] [0.0 fd=19 cfd=0] prototcp_bev_eventcb_eof_srvdst: EOF on outbound connection before connection establishment
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.0 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.0 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.1 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.1 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.1 fd=19 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.1 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=22, reserve=10
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:62418
[FINEST] [0.1 fd=19 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [de.wikipedia.org] [complete], fd=19
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.1 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:62418, 10.24.0.28:443
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:62418, 10.24.0.28:443
[FINE] [0.1 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.1 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.1 fd=19 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.1 fd=19 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.1 fd=19 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
EOF on outbound connection before connection establishment
[FINE] [0.1 fd=19 cfd=0] prototcp_bev_eventcb_eof_srvdst: EOF on outbound connection before connection establishment
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.1 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.1 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.2 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.2 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.2 fd=19 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.2 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=23, reserve=10
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:62419
[FINEST] [0.2 fd=19 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [de.wikipedia.org] [complete], fd=19
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.2 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:62419, 10.24.0.28:443
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:62419, 10.24.0.28:443
[FINE] [0.2 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.2 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.2 fd=19 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.2 fd=19 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.2 fd=19 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
EOF on outbound connection before connection establishment
[FINE] [0.2 fd=19 cfd=0] prototcp_bev_eventcb_eof_srvdst: EOF on outbound connection before connection establishment
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.2 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.2 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.3 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.3 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.3 fd=19 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.3 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=24, reserve=10
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:62420
[FINEST] [0.3 fd=19 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [de.wikipedia.org] [complete], fd=19
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.3 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:62420, 10.24.0.28:443
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:62420, 10.24.0.28:443
[FINE] [0.3 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.3 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.3 fd=19 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.3 fd=19 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.3 fd=19 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
EOF on outbound connection before connection establishment
[FINE] [0.3 fd=19 cfd=0] prototcp_bev_eventcb_eof_srvdst: EOF on outbound connection before connection establishment
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.3 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.3 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.4 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.4 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.4 fd=19 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.4 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=25, reserve=10
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:62421
[FINEST] [0.4 fd=19 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [de.wikipedia.org] [complete], fd=19
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.4 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:62421, 10.24.0.28:443
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:62421, 10.24.0.28:443
[FINE] [0.4 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.4 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.4 fd=19 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.4 fd=19 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.4 fd=19 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
EOF on outbound connection before connection establishment
[FINE] [0.4 fd=19 cfd=0] prototcp_bev_eventcb_eof_srvdst: EOF on outbound connection before connection establishment
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.4 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.4 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=19
[FINEST] proxy_conn_ctx_new: ENTER, fd=19
[FINEST] [0.5 fd=19 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.5 fd=19 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.5 fd=19 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.5 fd=19 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=26, reserve=10
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_init: srcaddr= [10.26.0.3]:62422
[FINEST] [0.5 fd=19 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [de.wikipedia.org] [complete], fd=19
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_connect: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching ip exact: 10.26.0.3
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching ip substring: 10.26.0.3
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter: Searching all
[FINE] [0.5 fd=19 cfd=0] pxy_conn_filter_match_ip: Found site (line=55):  for 10.26.0.3:62422, 10.24.0.28:443
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter_match_ip: Match all dst (line=55): , 10.24.0.28
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_filter_port: No filter match with port: 10.26.0.3:62422, 10.24.0.28:443
[FINE] [0.5 fd=19 cfd=0] pxy_conn_set_filter_action: Filter split action for 10.24.0.28, precedence 1 (line=55)
[FINE] [0.5 fd=19 cfd=0] pxy_conn_set_filter_action: Filter enable pcap log for 10.24.0.28, precedence 1 (line=55)
Connecting to [10.24.0.28]:443
[FINEST] [0.5 fd=19 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.5 fd=19 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.5 fd=19 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
EOF on outbound connection before connection establishment
[FINE] [0.5 fd=19 cfd=0] prototcp_bev_eventcb_eof_srvdst: EOF on outbound connection before connection establishment
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_term: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_free: ENTER
[FINE] [0.5 fd=19 cfd=0] pxy_conn_free: evutil_closesocket on NULL src.bev
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_free_children: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_conn_ctx_free: ENTER
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_detach: Removing conn
[FINEST] [0.5 fd=19 cfd=0] pxy_thr_detach: Cannot find conn in thr conns, empty
^CReceived signal 2
Main event loop stopped (reason=2).
[FINEST] main: EXIT closing privsep clisock=9
Received privsep req type 00 sz 1 on srvsock 8
Received privsep req type 00 sz 1 on srvsock 16
Child pid 1550 exited with status 0
sonertari commented 2 years ago

I notice the following in your first post:

192.168.178.78 (Linux Mint Laptop) <-> 10.24.0.1 (PfSense FW [with NAT Rule triggering on source 192.168.178.78 and destination port 443 redirecting to SSLProxy Server]) <-> 10.24.0.28 (SSLProxy) <-> 10.24.0.1 PfSense FW <-> 192.168.178.1 FritzBox Router/Modem (Outside physical Server

Do you mean that the gateway for the Mint laptop is pfSense, and pfSense redirects the traffic from the laptop to sslproxy running on another machine, and you expect sslproxy to reach the Internet via pfSense? I don't know what you are trying to achieve, but your first setup seems correct. But I guess the issue with this second setup is about networking and/or pf rules on pfSense.

Because, note that sslproxy reports EOF on outbound connection before connection establishment, which means that the outbound connection on the server side (in the second setup via pfSense?) fails, in other words sslproxy cannot reach the target http server (the destination). Now I would check the pf logs on pfSense to see if sslproxy is being blocked by pfSense. But I am not sure how this network setup can work anyway.

swiftbird07 commented 2 years ago

Do you mean that the gateway for the Mint laptop is pfSense, and pfSense redirects the traffic from the laptop to sslproxy running on another machine, and you expect sslproxy to reach the Internet via pfSense?

Yes exactly and I don’t know why it should not work. I have seen companies that redirect your traffic through several proxies for different reasons until you are finally on the actual WAN so it is definitely possible.

I don't know what you are trying to achieve, but your first setup seems correct.

I want to simply direct all traffic from all my devices through SSLProxy. I don’t really see what is so different between setup one that it works and setup two that it doesn’t…I mean if it would be some kind of problem with say the NAT redirect on the firewall, why would the SSLProxy error indicate that the connection from SSLProxy to the WAN Server did not succeed? I guess that would result in another kind of error if the client does not respond anymore (?)

Because, note that sslproxy reports EOF on outbound connection before connection establishment, which means that the outbound connection on the server side (in the second setup via pfSense?) fails, in other words sslproxy cannot reach the target http server (the destination).

But this would mean that the first setup would also not work, but it does. If I curl google.com from 10.2.0.0 via the SSLProxy at 10.24.0.28 the traffic from there would also need to go outside via Pfsense to google right? (The Pfsense manages all connections for 10/8) But this connection apparently works.

From the Firewalls perspective in both cases it would see traffic from the SSLProxy Server to Googles IP right? Why would it allow that in setup one and deny it in the other?

Now I would check the pf logs on pfSense to see if sslproxy is being blocked by pfSense.

I don’t see any Firewall denies but I could do a PCAP capture to look if data is even coming to this point

sonertari commented 2 years ago

I think the issue is really with networking and pf rules on pfSense. Because see the following log:

Connecting to [10.24.0.28]:443

Sslproxy is telling us that it thinks that 10.24.0.28 is the target HTTP server, and is trying to connect to it. Which machine is this? Answer: the sslproxy itself. So, looking at the logs, I think here is what is going on: We see that sslproxy is trying to connect to its own IP address (recursion), but that IP address does not have an HTTP server listening on port 443, so the connection fails (which gives EOF on outbound connection... error). In other words, sslproxy is not trying to connect to the actual destination address.

Why? Because, the destination address caused by the redirect pf rule on pfSense makes sslproxy to think that the destination is 10.24.0.28, i.e. the sslproxy itself. SSLproxy determines the destination address by querying the NAT engine on the system. So, in other words, due to the redirect pf rule on pfSense the actual destination address is lost when the packet reaches sslproxy. It would help if you could write a pf rule which does not change the actual destination address but still redirect to sslproxy, but I am not aware of such possibility (you would need to directly send it to the ethernet address of sslproxy at L2, as we do with mirror logging, but that's irrelevant to this issue).

How traffic is supposed to be redirected to sslproxy is described in the 4th paragraph of the Mode of operation section in README.

Btw, normally, I would run sslproxy on pfSense. But your first setup at least satisfies the redirection requirements mentioned in README.

swiftbird07 commented 2 years ago

Ah okay that makes absolutely sense! I will look into the issue if it is possible to do a redirect without changing the dest ip, I hope that is possible