Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
martinsd
Staff
Staff

Created on ‎08-26-2024 08:01 AM

Article Id 324733

Technical Tip: WAD Debugging - VIP Example (Certificate Inspection)

Description This article describes an example of a WAD Debug for a VIP with Certificate Inspection.
Scope FortiGate and FortiProxy.
Solution

Diagram:

 

FullZTNA.png

 

WAD Debug:

 

First, it is necessary to collect the debug logs and check which process is handling the interesting traffic (traffic hitting the firewall policy ID 25). In this case, it is PID 13074, as seen below. 

 

DSRSD_FW # diagnose wad filter vd root
DSRSD_FW # diagnose wad filter firewall-policy 25
DSRSD_FW # diagnose debug console timestamp enable
DSRSD_FW # diagnose wad debug enable all
DSRSD_FW # diagnose wad debug display pid enable
DSRSD_FW # diagnose wad debug enable level verbose
DSRSD_FW # diagnose debug enable

 

[Log Level] Timestamp [pid] [session] wad_function :log_id log_message
 
  • Client -> Proxy - Socket (file descriptor 115).

[I]2024-07-08 11:13:56.065842 [p:13074] wad_tcp_port_alloc :1464 alloc tcp_port=0x7f889f32d8
[I]2024-07-08 11:13:56.065915 [p:13074] wad_accept :2383 redirect 73 accepted 85.245.105.249:20574 -> 192.168.20.18:443 on 115
[I]2024-07-08 11:13:56.065949 [p:13074] wad_tcp_port_learn_v4_session :125 Redir session state=0x310306 state2=0x1 state_ext=0x0.
[V]2024-07-08 11:13:56.065972 [p:13074][s:475587] wad_session_start_traffic_timer :435 ses_ctx:0x7f88db5c08 start traffic timer:290
[V]2024-07-08 11:13:56.065981 [p:13074][s:475587] wad_policy_profile_learn :507 app=1 proxy=2, pn=0x7f88bd6368
[I]2024-07-08 11:13:56.065996 [p:13074][s:475587] wad_tcp_port_learn_session_config :443 vf_id=0 ses_ctx=0x7f88db5c08 policy-id=25, sec_profile=0x7f89239ab0 app_type=http
 
  • Proxy -> Server - Socket (file descriptor 116).

[I]2024-07-08 11:13:56.066016 [p:13074][s:475587] wad_tcp_port_alloc :1464 alloc tcp_port=0x7f889f3420
[V]2024-07-08 11:13:56.066047 [p:13074][s:475587] wad_tcp_port_bind :557 tcp_port=0x7f889f3420 src ip:85.245.105.249 is bind, create sess:0
[V]2024-07-08 11:13:56.066061 [p:13074][s:475587] wad_tcp_port_connect_with_fd :2217 oif =33, fwd_oif=0 src_addr_unkown=0
[I]2024-07-08 11:13:56.066116 [p:13074][s:475587] wad_tcp_port_connect_with_fd :2261 TCP port=0x7f889f3420 sock=116 vrf=0 connecting 85.245.105.249:20574->192.168.20.18:443
[I]2024-07-08 11:13:56.066137 [p:13074][s:475587] wad_tcp_port_alloc :1464 alloc tcp_port=0x7f889f3568
[I]2024-07-08 11:13:56.066161 [p:13074] wad_tcp_port_put :627 free tcp_port=0x7f889f3568
[I]2024-07-08 11:13:56.069301 [p:13074][s:475587] wad_tcp_port_on_connect :2035 TCP connection 0x7f889f3420 fd=116 connected 85.245.105.249:20574->192.168.20.18:443

 
  • TLS Handshakes.

[I]2024-07-08 11:13:56.069329 [p:13074][s:475587] wad_ssl_port_open :20819 wsp=0x7f889f3420/7 making SSL port
[V]2024-07-08 11:13:56.069350 [p:13074][s:475587] wad_ssl_negotiate_make :2392 nego=0x7f88cb5be0
[V]2024-07-08 11:13:56.069361 [p:13074][s:475587] wad_ssl_port_update_cert_mode :5662 nego=0x7f88cb5be0 ca=0x7f88cc1820 name=Fortinet_CA_SSL
[I]2024-07-08 11:13:56.069383 [p:13074][s:475587] wad_ssl_port_open :21112 wsp=0x7f889eb3f0/7 SSL-port open succ type=7 port=0x7f889f3420 vd=0 svr=192.168.20.18:443: succ
[I]2024-07-08 11:13:56.069397 [p:13074][s:475587] wad_ssl_port_open :20819 wsp=0x7f889f32d8/6 making SSL port
[V]2024-07-08 11:13:56.069407 [p:13074][s:475587] wad_ssl_negotiate_make :2392 nego=0x7f88cb52c8
[I]2024-07-08 11:13:56.069419 [p:13074][s:475587] wad_ssl_port_open :21112 wsp=0x7f889eb798/6 SSL-port open succ type=6 port=0x7f889f32d8 vd=0 svr=192.168.20.18:443: succ
[V]2024-07-08 11:13:56.069432 [p:13074][s:475587] wad_tcp_port_out_read_block :1005 tcp_port 0x7f889f32d8 fd=115 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-08 11:13:56.069444 [p:13074][s:475587] wad_tcp_port_transport_read_block :960 tcp_port 0x7f889f32d8 fd=115 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 events=0x0.
[V]2024-07-08 11:13:56.069455 [p:13074][s:475587] wad_tcp_port_transport_read_block :992 sock 115 read_block removed, turn on readability.
[V]2024-07-08 11:13:56.069464 [p:13074][s:475587] wad_tcp_port_out_read_block :1005 tcp_port 0x7f889f3420 fd=116 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-08 11:13:56.069481 [p:13074][s:475587] wad_tcp_port_transport_read_block :960 tcp_port 0x7f889f3420 fd=116 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 events=0x0.
[V]2024-07-08 11:13:56.069491 [p:13074][s:475587] wad_tcp_port_transport_read_block :992 sock 116 read_block removed, turn on readability.
[I]2024-07-08 11:13:56.069501 [p:13074][s:475587] wad_ssl_port_run :21149 sp=0x7f889eb798/6 state=1
[I]2024-07-08 11:13:56.069510 [p:13074][s:475587] wad_ssl_port_run :21149 sp=0x7f889eb3f0/7 state=1
[I]2024-07-08 11:13:56.069679 [p:13074][s:475587] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=115 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.069697 [p:13074][s:475587] wad_tcp_port_on_read :1763 sock 115 read (0,4080)
[V]2024-07-08 11:13:56.070373 [p:13074][s:475587] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889eb798/6 len=596
[V]2024-07-08 11:13:56.070384 [p:13074][s:475587] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889eb798/6 sync state=1 start
[V]2024-07-08 11:13:56.070393 [p:13074][s:475587] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f889eb798/6
[I]2024-07-08 11:13:56.070403 [p:13074][s:475587] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f889eb798/6 forwarded len=596/596
[I]2024-07-08 11:13:56.070413 [p:13074][s:475587] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 1 pts 2 hs 0/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 0/0 ci 1/596/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.070429 [p:13074][s:475587] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 3 pts 2 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 0/0 ci 1/596/596 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.070580 [p:13074][s:475587] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 2 pts 2 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 1/596 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.070990 [p:13074][s:475587] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889eb798/6 dec start 0x7f88d8bd68 type 22 ver 0000 len 591 (01 00 02 4b 03 03 06 57 eb 6a e7 be c6 c8 59 3b 75 c0 01 a5 26 38 ea 94 41 12 42 99 c5 48 b0 86 6f 77 bc d4 ae 14 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 00 20 1a 1a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 01 e2 2a 2a 00 00 00 2b 00 07 06 2a 2a 03 04 03 03 00 0a 00 0a 00 08 5a 5a 00 1d 00 17 00 18 00 33 00 2b 00 29 5a 5a 00 01 00 00 1d 00 20 48 72 cb e7 43 e2 bb 9a bb b6 80 d7 06 30 f3 00 7c 8f ec d8 02 09 e9 e4 8a 12 e8 1b 77 d1 cc 15 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 05 00 05 01 00 00 00 00 ff 01 00 01 00 00 23 00 00 00 0b 00 02 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 12 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 44 69 00 05 00 03
[V]2024-07-08 11:13:56.071417 [p:13074][s:475587] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889eb798/6 dec done 0x7f88d8bd68 type 22 ver 0000 status 0 len 591 (01 00 02 4b 03 03 06 57 eb 6a e7 be c6 c8 59 3b 75 c0 01 a5 26 38 ea 94 41 12 42 99 c5 48 b0 86 6f 77 bc d4 ae 14 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 00 20 1a 1a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 01 e2 2a 2a 00 00 00 2b 00 07 06 2a 2a 03 04 03 03 00 0a 00 0a 00 08 5a 5a 00 1d 00 17 00 18 00 33 00 2b 00 29 5a 5a 00 01 00 00 1d 00 20 48 72 cb e7 43 e2 bb 9a bb b6 80 d7 06 30 f3 00 7c 8f ec d8 02 09 e9 e4 8a 12 e8 1b 77 d1 cc 15 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 05 00 05 01 00 00 00 00 ff 01 00 01 00 00 23 00 00 00 0b 00 02 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 12 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 44 69 00 0
[I]2024-07-08 11:13:56.071452 [p:13074][s:475587] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 2 pts 2 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/591/0 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.071467 [p:13074][s:475587] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 2 pts 4 hs 2/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/591/591 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.071497 [p:13074][s:475587] wad_ssl_port_get_client_hello_sni :7841 wsp(0x7f889eb798/6) get clt_hello sni(wss.dsrsd.pt), copied: 1
[I]2024-07-08 11:13:56.071510 [p:13074][s:475587] wad_ssl_proxy_srv_proc_client_hello:8074 sp=0x7f889eb798/6 renego=0 ssl_proc=pucsn minor ver/min/max=0304/0303/0304.
[I]2024-07-08 11:13:56.071526 [p:13074][s:475587] wad_ssl_port_c2p_continue_urlf :7907 wsp(0x7f889eb798/6) continue with urlf!
[I]2024-07-08 11:13:56.071541 [p:13074][s:475587] wad_ssl_check_urlf_and_exempt :5441 wsp=0x7f889eb798/6 url_filter=0 url_src=SNI ssl_proc=pucsn host=wss.dsrsd.pt [sni=1,cert=1]:
[I]2024-07-08 11:13:56.071554 [p:13074][s:475587] wad_ssl_proxy_srv_continue_client_hello:8376 wsp=0x7f889eb798/6 ssl_proc=pucsn bypass-chk=0 sni=1 cic=0 tls1.3=1

 
  • Certificate Inspection Check (CIC) kicks in after receiving the user's Client Hello. It is possible to troubleshoot it further by debugging fnbamd daemon, since it is the daemon in charge of CIC.


[I]2024-07-08 11:13:56.071565 [p:13074][s:475587] wad_ssl_port_cert_inspection :13105 wsp(0x7f889eb798) starts CIC check.
[V]2024-07-08 11:13:56.071574 [p:13074][s:475587] wad_ssl_cic_oid_gen :560 vfid=0 sni=wss.dsrsd.pt 85.245.105.249->192.168.20.18
[I]2024-07-08 11:13:56.071762 [p:13074][s:475587] wad_ssl_cic_client_find_task :1244 Missed by (oid: 7858927882152766408)
[I]2024-07-08 11:13:56.071793 [p:13074][s:475587] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 2 pts 2 hs 25/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 1 pti 0/0/587 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.071810 [p:13074][s:475587] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f32d8 window-type 3 set 1 SNDBUF 327680 RCVBUF 10485760
[V]2024-07-08 11:13:56.071826 [p:13074][s:475587] wad_tcp_port_update_fixed_window :389 tcp_port 0x7f889f32d8 fixed window size set to 163840
[I]2024-07-08 11:13:56.072172 [p:13074] wad_unix_stream_flush_data :595 WAD unix stream stream 0x7f8a106fc8 write (1,24)
[V]2024-07-08 11:13:56.072234 [p:13074] wad_ssl_cic_conn_on_notify_output :549 cni(0x7f89931d58)
[V]2024-07-08 11:13:56.072243 [p:13074] wad_ssl_cicc_on_blocked :1336 clt(0x7f891e1048) blocked(0)
[V]2024-07-08 11:13:56.072495 [p:13074] wad_unix_stream_on_read_data :426 WAD unix stream socket 112 read (0,4080)
[I]2024-07-08 11:13:56.072591 [p:13074] wad_ssl_cic_conn_impl_proc_lookup_resp:621 cni(0x7f89931d58)
[I]2024-07-08 11:13:56.072601 [p:13074] wad_ssl_cicc_on_lookup_resp :1295 clt(0x7f891e1048) lookup resp: seq(10), oid: 7858927882152766408
[I]2024-07-08 11:13:56.072610 [p:13074] wad_ssl_cicc_on_lookup_resp :1307 clt(0x7f891e1048) found the task(0x7f889de048) oid: 7858927882152766408
[V]2024-07-08 11:13:56.072619 [p:13074] wad_ssl_cic_task_connector_make :826 task(0x7f889de048) is connecting sni(wss.dsrsd.pt)

 
  • A new SSL connection is made by WAD to get the Server Certificate.


[I]2024-07-08 11:13:56.072629 [p:13074] wad_tcp_port_alloc :1464 alloc tcp_port=0x7f889f36b0
[V]2024-07-08 11:13:56.072659 [p:13074] wad_tcp_port_bind_no_delay :513 tcp_port=0x7f889f36b0 src ip:85.245.105.249:23408 is bind
[I]2024-07-08 11:13:56.072673 [p:13074] wad_ssl_cic_tp_add_session :757 task(0x7f889de048):
[I]2024-07-08 11:13:56.072734 [p:13074] wad_ssl_cic_task_connector_make :916 task(0x7f889de048) ready to connect: src(85.245.105.249:23408/85.245.105.249:0) dst(192.168.20.18:443) tp(1) vwl(0) oi(0)
[V]2024-07-08 11:13:56.072757 [p:13074] wad_tcp_port_connect_with_fd :2217 oif =0, fwd_oif=0 src_addr_unkown=0
[I]2024-07-08 11:13:56.072798 [p:13074] wad_tcp_port_connect_with_fd :2261 TCP port=0x7f889f36b0 sock=119 vrf=0 connecting 85.245.105.249:23408->192.168.20.18:443
[I]2024-07-08 11:13:56.076487 [p:13074] wad_tcp_port_on_connect :2035 TCP connection 0x7f889f36b0 fd=119 connected 85.245.105.249:23408->192.168.20.18:443
[V]2024-07-08 11:13:56.076511 [p:13074] wad_ssl_cic_connector_connected :515 task(0x7f889de048) connected!
[I]2024-07-08 11:13:56.076521 [p:13074] wad_ssl_port_open :20819 wsp=0x7f889f36b0/14 making SSL port
[V]2024-07-08 11:13:56.076539 [p:13074] wad_ssl_negotiate_make :2392 nego=0x7f88cb55d0
[I]2024-07-08 11:13:56.076548 [p:13074] wad_ssl_port_open :21112 wsp=0x7f889ebb40/14 SSL-port open succ type=14 port=0x7f889f36b0 vd=0 svr=192.168.20.18:443: succ
[V]2024-07-08 11:13:56.076561 [p:13074] wad_tcp_port_out_read_block :1005 tcp_port 0x7f889f36b0 fd=119 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 state=2.
[V]2024-07-08 11:13:56.076573 [p:13074] wad_tcp_port_transport_read_block :960 tcp_port 0x7f889f36b0 fd=119 on=0 n_out_block=1~>0 in(/out)_shutdown=0/0 closed=0 events=0x0.
[V]2024-07-08 11:13:56.076583 [p:13074] wad_tcp_port_transport_read_block :992 sock 119 read_block removed, turn on readability.
[V]2024-07-08 11:13:56.076599 [p:13074] wad_ssl_port_caps_clt_ciphers :14159 sp=0x7f889ebb40/14 ssl-svr=(nil)
[V]2024-07-08 11:13:56.076623 [p:13074] wad_key_share_bucket_get_entry :172 key_share 0x7f8a03bf38 g=29 use_cnt=35 holding=1 reuseable 1
[V]2024-07-08 11:13:56.076676 [p:13074] wad_ssl_port_caps_include_alpn :9416 alpn=hhttp/1.1Di len=2
[V]2024-07-08 11:13:56.076685 [p:13074] wad_ssl_port_caps_include_alpn :9416 alpn=http/1.1Di len=8
[V]2024-07-08 11:13:56.076702 [p:13074] wad_ssl_port_caps_include_alpn :9416 alpn=hhttp/1.1Di len=2
[V]2024-07-08 11:13:56.076710 [p:13074] wad_ssl_port_caps_include_alpn :9416 alpn=http/1.1Di len=8
[V]2024-07-08 11:13:56.076720 [p:13074] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f889ebb40/14 sent type=1
[V]2024-07-08 11:13:56.076905 [p:13074] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f889ebb40/14 enc start 0x7f88d8bcc8 type 22 ver 0301 len 261 (01 00 01 01 03 03 40 9e fb 83 37 93 af 7b 86 b7 ff bc 25 a7 e0 7b 32 e1 92 73 4d 33 c8 4d f8 d3 bb 7d 17 26 50 a0 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 00 1e 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 00 9a 00 2b 00 05 04 03 04 03 03 00 0b 00 02 01 00 00 0a 00 08 00 06 00 1d 00 17 00 18 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 05 00 05 01 00 00 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 17 00 00 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 76 ff 68 64 49 a0 b8 8a 44 fe d3 14 d3 08 4a 4d 42 a2 a7 8c 24 41 6e 30 85 2f a7 c2 6e cc 95 3d )
[V]2024-07-08 11:13:56.077100 [p:13074] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f889ebb40/14 enc done 0x7f88d8bcc8 type 22 ver 0301 status 0 len 266 (16 03 01 01 05 01 00 01 01 03 03 40 9e fb 83 37 93 af 7b 86 b7 ff bc 25 a7 e0 7b 32 e1 92 73 4d 33 c8 4d f8 d3 bb 7d 17 26 50 a0 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 00 1e 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 00 9a 00 2b 00 05 04 03 04 03 03 00 0b 00 02 01 00 00 0a 00 08 00 06 00 1d 00 17 00 18 ff 01 00 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 05 00 05 01 00 00 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 17 00 00 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 76 ff 68 64 49 a0 b8 8a 44 fe d3 14 d3 08 4a 4d 42 a2 a7 8c 24 41 6e 30 85 2f a7 c2 6e cc 95 3d )
[V]2024-07-08 11:13:56.077111 [p:13074] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f889ebb40/14 start=0 len=266
[V]2024-07-08 11:13:56.077121 [p:13074] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f889ebb40/14 state=1 fts-input=266 proxy-input=0
[V]2024-07-08 11:13:56.077130 [p:13074] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f889ebb40/14 ib-len=266
[V]2024-07-08 11:13:56.077139 [p:13074] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f36b0) sync 266
[I]2024-07-08 11:13:56.077149 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.077162 [p:13074] wad_ssl_port_run :21149 sp=0x7f889ebb40/14 state=1
[I]2024-07-08 11:13:56.077263 [p:13074] wad_tcp_port_flush :1556 sock 119 write (1,266,266) n_written=266 tcp_port 0x7f889f36b0
[I]2024-07-08 11:13:56.098832 [p:13074] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=119 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.098913 [p:13074] wad_tcp_port_on_read :1763 sock 119 read (0,16368)
[V]2024-07-08 11:13:56.099767 [p:13074] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889ebb40/14 len=1884
[V]2024-07-08 11:13:56.099778 [p:13074] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889ebb40/14 sync state=1 start
[V]2024-07-08 11:13:56.099787 [p:13074] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f889ebb40/14
[I]2024-07-08 11:13:56.099797 [p:13074] wad_ssl_sock_port_exec_up_forward_txn:16238 sp=0x7f889ebb40/14 forwarded len=1884/1884
[I]2024-07-08 11:13:56.099806 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 0/0 ci 1/1884/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.099820 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 3 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 0/0 ci 1/1884/127 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.099834 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/4 cti 1/127 ci 1/1757/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.099930 [p:13074] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889ebb40/14 dec start 0x7f88d8ce48 type 22 ver 0301 len 122 (02 00 00 76 03 03 ab a3 8a a0 08 4a 60 2b 52 f9 5f 1b a3 c0 b0 1d 3f c5 8b 68 2e 6a 6f fc 63 40 06 dc f2 40 f4 a1 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 13 01 00 00 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 a2 d5 e3 d8 1e 8e 53 0c 06 84 42 fc 94 1e d0 ec 99 74 12 92 71 55 37 92 93 ae e9 f2 cb 5a 85 76 )
[V]2024-07-08 11:13:56.100023 [p:13074] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889ebb40/14 dec done 0x7f88d8ce48 type 22 ver 0301 status 0 len 122 (02 00 00 76 03 03 ab a3 8a a0 08 4a 60 2b 52 f9 5f 1b a3 c0 b0 1d 3f c5 8b 68 2e 6a 6f fc 63 40 06 dc f2 40 f4 a1 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 13 01 00 00 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 a2 d5 e3 d8 1e 8e 53 0c 06 84 42 fc 94 1e d0 ec 99 74 12 92 71 55 37 92 93 ae e9 f2 cb 5a 85 76 )
[I]2024-07-08 11:13:56.100033 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/122/4 cti 0/0 ci 1/1757/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100047 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 4 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/122/122 cti 0/0 ci 1/1757/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100066 [p:13074] wad_ssl_clt_on_server_hello :8657 wsp=0x7f889ebb40/14 receive serverHello, ver=0304
[V]2024-07-08 11:13:56.100075 [p:13074] wad_ssl_port_caps_clt_ciphers :14159 sp=0x7f889ebb40/14 ssl-svr=(nil)
[I]2024-07-08 11:13:56.100087 [p:13074] wad_ssl_clt_on_server_hello :8677 wsp=0x7f889ebb40/14 full handshake with ses=(nil)
[I]2024-07-08 11:13:56.100096 [p:13074] wad_ssl_port_caps_clt_keep_sessions:14269 sp=0x7f889ebb40/14
[V]2024-07-08 11:13:56.100793 [p:13074] wad_key_share_soft_impl_put :353 key_share 0x7f8a03bf38 g=29 use_cnt=36 holding=1 put
[I]2024-07-08 11:13:56.100867 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/118 cti 0/0 ci 1/1757/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100893 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 3 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/118 cti 0/0 ci 1/1757/6 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100909 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/118 cti 1/6 ci 1/1751/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.100926 [p:13074] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889ebb40/14 dec start 0x7f898c4c18 type 20 ver 0303 len 1 (01 )
[V]2024-07-08 11:13:56.100938 [p:13074] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889ebb40/14 dec done 0x7f898c4c18 type 20 ver 0303 status 0 len 1 (01 )
[I]2024-07-08 11:13:56.100948 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/1/118 cti 0/0 ci 1/1751/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100962 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/118 cti 0/0 ci 1/1751/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100976 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 3 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/118 cti 0/0 ci 1/1751/47 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.100990 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/118 cti 1/47 ci 1/1704/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.101033 [p:13074] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889ebb40/14 dec start 0x7f898c4c18 type 23 ver 0303 len 42 (92 d3 9c c1 0e 2d a0 39 bc 66 74 39 d9 f3 11 d6 c9 8b 05 0a 95 bc e7 d5 09 05 24 2d 6f a4 14 e8 26 12 2a 63 8f f6 9a fe 3d 8d )
[V]2024-07-08 11:13:56.101074 [p:13074] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889ebb40/14 dec done 0x7f898c4c18 type 22 ver 0303 status 0 len 25 (08 00 00 15 00 13 00 00 00 00 00 10 00 0b 00 09 08 68 74 74 70 2f 31 2e 31 )
[I]2024-07-08 11:13:56.101085 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/25/118 cti 0/0 ci 1/1704/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.101099 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 5 hs 29/3 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/25/25 cti 0/0 ci 1/1704/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.101114 [p:13074] wad_ssl_clt_on_encrypted_extensions:10757 wsp(0x7f889ebb40/14) got server eext!
[V]2024-07-08 11:13:56.101123 [p:13074] wad_ssl_port_caps_on_handshake_recv:10741 sp=0x7f889ebb40/14 recv type=8 len=25
[I]2024-07-08 11:13:56.101131 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 30/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/21 cti 0/0 ci 1/1704/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.101144 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 3 pts 3 hs 30/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/21 cti 0/0 ci 1/1704/1360 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.101158 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 30/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/21 cti 1/1360 ci 1/344/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.102048 [p:13074] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889ebb40/14 dec start 0x7f898c4c18 type 23 ver 0303 len 1355 (42 7b 88 d6 a9 7a cb 00 ea 88 58 a4 48 2c 93 29 81 cd fc 24 62 4b 84 32 4b 52 53 9a d9 cb fb 6e 0e 2e 49 9a ea 58 d0 ac df 3e 3f 53 7a 48 83 0e 27 59 1c a9 c9 7d 4e 27 8c de e2 f4 68 40 61 cc 4a 61 8b 87 be de 92 5f 81 49 2d c4 86 17 9c f6 77 ad f3 7b 17 eb 35 36 86 73 b6 1b b6 21 27 e1 90 5f 89 24 1a 85 4b dd 36 ab bb e9 21 b2 c8 b4 3c 0f 17 b0 ab fc eb 8d 64 7b 5f 5c 12 40 a5 a1 25 22 be c4 02 0e 55 54 de 5d 58 45 94 9d 39 3c 30 2d bc 41 7b 8c 14 fd 5d 0c 48 b7 a9 ab 7b 4a 3a 6e bc 00 6b 9f be 87 4f da 48 13 8b 6f 3b da 8a 39 73 b9 9e ce 1c 0d 21 bb 6e 33 15 91 04 aa 4c 93 7f 57 18 e1 a8 5b 8f dc 49 76 ca 2a 83 ac ca 0a 4e db 5e 0f 92 d9 2d 15 51 5c f5 ea fd e0 90 f6 15 64 21 64 b3 12 d3 48 cb dc 68 63 35 10 8a 7e c3 86 90 4a a2 c9 8b 44 be c4 93 af 88 ff 6f 6e 30 b2 44 a1 31 78 33 4e cb dc 5a f5 1e 67 05 ea 60 82 b7 df 9d a8 68 0f 30 33 84 d8 f
[V]2024-07-08 11:13:56.103035 [p:13074] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889ebb40/14 dec done 0x7f898c4c18 type 22 ver 0303 status 0 len 1338 (0b 00 05 36 00 00 05 32 00 05 2d 30 82 05 29 30 82 03 11 a0 03 02 01 02 02 08 52 c7 0e ec 53 64 e1 62 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0d 05 00 30 81 85 31 0b 30 09 06 03 55 04 06 13 02 50 54 31 0b 30 09 06 03 55 04 08 13 02 4c 58 31 0b 30 09 06 03 55 04 07 13 02 4c 58 31 0c 30 0a 06 03 55 04 0a 13 03 4c 41 42 31 0c 30 0a 06 03 55 04 0b 13 03 4c 41 42 31 17 30 15 06 03 55 04 03 13 0e 63 61 2e 64 73 72 73 64 2e 6c 6f 63 61 6c 31 27 30 25 06 09 2a 86 48 86 f7 0d 01 09 01 16 18 64 6f 73 6f 72 69 6f 6d 61 72 74 69 6e 73 40 67 6d 61 69 6c 2e 63 6f 6d 30 1e 17 0d 32 34 30 37 30 38 30 38 33 38 30 30 5a 17 0d 32 35 30 37 30 38 30 38 33 38 30 30 5a 30 81 81 31 0b 30 09 06 03 55 04 06 13 02 50 54 31 0b 30 09 06 03 55 04 08 13 02 4c 58 31 0b 30 09 06 03 55 04 07 13 02 4c 58 31 0e 30 0c 06 03 55 04 0a 13 05 4c 58 54 41 43 31 0c 30 0a 06 03 55 04 0b
[I]2024-07-08 11:13:56.103125 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 30/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/1338/21 cti 0/0 ci 1/344/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.103139 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 5 hs 30/29 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/1338/1338 cti 0/0 ci 1/344/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.103155 [p:13074] wad_ssl_port_caps_on_handshake_recv:10741 sp=0x7f889ebb40/14 recv type=11 len=1338
[I]2024-07-08 11:13:56.103172 [p:13074] wad_ssl_cert_auth_find :60 find wad_ssl_cert_auth_info fail by timeout 2194
[I]2024-07-08 11:13:56.103182 [p:13074] wad_ssl_cert_auth_find :78 Can't find auth_info!
[V]2024-07-08 11:13:56.103189 [p:13074] wad_ssl_cert_auth_info_find :2398 Found ssl_cert, but without auth info
[I]2024-07-08 11:13:56.103196 [p:13074] wad_ssl_port_caps_on_srv_certs :12461 sp=0x7f889ebb40/1way_client_cic recv cert from server host=wss.dsrsd.pt nego=0x7f88cb55d0 cert=0x7f898a7128
[I]2024-07-08 11:13:56.104305 [p:13074] wad_ssl_cert_sni_check :2424 sni=wss.dsrsd.pt, matched name=wss.dsrsd.pt
[I]2024-07-08 11:13:56.104361 [p:13074] wad_ssl_port_caps_on_srv_certs :12509 sp=0x7f889ebb40/1way_client_cic sni-mismatch=0 sni=wss.dsrsd.pt cname=wss.dsrsd.pt
[I]2024-07-08 11:13:56.105119 [p:13074] wad_ssl_auth_validate_cert :321 auth cert=0x7f898a7128 chain=0x7f88b9ded0/1 ocsp=(nil)
[I]2024-07-08 11:13:56.106876 [p:13074] wad_ssl_port_caps_on_srv_certs :12528 sp=0x7f889ebb40/14 cert auth pending
[I]2024-07-08 11:13:56.106898 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 25/30 cpcs 0 ppcs 0 se 0 ed 0/0 ph 1 pti 0/0/1334 cti 0/0 ci 1/344/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.106915 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 3 pts 3 hs 25/30 cpcs 0 ppcs 0 se 0 ed 0/0 ph 1 pti 0/0/1334 cti 0/0 ci 1/344/286 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.106930 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 25/30 cpcs 0 ppcs 0 se 0 ed 0/0 ph 1 pti 0/0/1334 cti 1/286 ci 1/58/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.106946 [p:13074] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f36b0 window-type 0 set 0 SNDBUF 131072 RCVBUF 349520
[I]2024-07-08 11:13:56.107738 [p:13074] wad_ssl_auth_on_fnbam_resp :233 fnbam inner fail: id=0 connect fail
[I]2024-07-08 11:13:56.107764 [p:13074] wad_ssl_port_on_cert_notify :4153 sp=0x7f889ebb40/14 cert auth: fnbam resp=success
[I]2024-07-08 11:13:56.107778 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 32/30 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/1334 cti 1/286 ci 1/58/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.107979 [p:13074] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889ebb40/14 dec start 0x7f898c4c18 type 23 ver 0303 len 281 (ae db 6b e1 52 e1 00 cb 7f a3 a1 b0 66 50 b6 a4 f4 66 51 16 84 4c 3b fd a0 f8 bd 06 31 ad e2 e0 a4 e6 51 96 06 8d e7 1c 40 70 a4 3d 28 37 70 78 f6 73 55 80 75 95 84 c7 2b a9 1c 09 78 04 7b 99 bb bc 5c 98 86 0c 3e 7a a3 1c c7 ec 0b 6b d7 d6 86 9e 3b 91 06 34 b1 d0 b2 32 b4 8c 25 ff a7 18 df 87 77 8b 49 0e d0 c6 17 e2 0d be 27 06 e8 76 a3 4c 87 d8 47 f0 8f c5 bc ea 98 82 31 82 37 c5 8e ee f9 38 51 3e 5f 04 7b 17 03 07 46 bc 8a 60 74 81 d1 43 b0 3a d2 72 4b 26 bb c0 d5 fc 15 7b 74 20 42 9a a0 22 50 d2 b1 7f 7d 6b 65 13 d3 50 de 9c 12 85 5f 4b 7d e9 ac 66 cd 14 37 89 1a 2a 05 d4 25 12 db 57 bc 78 0f fa b8 ab d9 1e 53 06 f3 a7 87 0d 7a 44 ed fe b1 26 9f 5e 3c 85 10 f5 28 4d ab a6 a6 d4 25 bb 58 d4 69 b8 61 87 bf af 49 d2 b1 34 cd f7 22 31 a5 3d d5 22 2f 89 89 0d 98 36 27 d3 9a 87 74 6b 76 aa 8e 56 8c 39 68 8c e1 81 74 dc e0 68 14 4e d3 )
[V]2024-07-08 11:13:56.108182 [p:13074] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889ebb40/14 dec done 0x7f898c4c18 type 22 ver 0303 status 0 len 264 (0f 00 01 04 08 04 01 00 56 08 05 e0 e2 e8 ab b3 fe 54 84 e2 f3 22 3d 37 4d 3a 16 37 90 79 5c bc 4e bb 80 cb 82 71 c9 87 d7 db 38 cf 32 ed 65 48 2f 92 98 f6 3b f5 e1 c6 b4 13 11 2f 56 3a 37 a9 08 27 52 5d 99 2b 82 6a 68 7a 3e 8f 61 11 66 05 e3 98 de c4 81 a5 f2 76 27 d1 6e eb 89 48 78 4e ab e7 02 bb 3a 1d 31 d9 fb d2 ab 2c 57 8b 8f 38 97 00 50 00 0a 8e 61 84 f2 78 d3 5f 71 3e f8 ce 85 32 40 9e 9c 4f dd 7b ca 5e ce 74 74 b0 ac f0 5f 26 e5 1f b7 58 fa 31 db a3 5c b6 ac cd 24 4a 57 ab 9b 91 47 80 0c 9e 1b 4f e8 d2 d8 b8 c8 77 ad ac c9 87 ba 87 0b 71 c3 fa 8c 13 9c 78 a8 2c 69 96 7f 2a 4e a5 92 9e e9 2c 99 76 cf 95 64 b3 da 8e dc 31 7d 70 db 50 18 5a 6f 3f cf 9f 0b 8b 1e 34 28 a6 b1 6d 34 db 28 58 52 d3 56 d3 4a 61 66 51 3f 47 46 a3 a0 b8 2b e6 a3 00 af 64 72 f4 d2 5f c2 02 cd 05 83 1e )
[I]2024-07-08 11:13:56.108194 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 32/30 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/264/1334 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.108208 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 5 hs 32/30 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/264/264 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.108224 [p:13074] wad_ssl_proxy_clt_on_handshake_recv:10895 sp=0x7f889ebb40/14 recv type=15 len=264 cache=0
[I]2024-07-08 11:13:56.108664 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 33/32 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/260 cti 0/0 ci 1/58/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.108682 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 3 pts 3 hs 33/32 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/260 cti 0/0 ci 1/58/58 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.108697 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 33/32 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/260 cti 1/58 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.108747 [p:13074] wad_ssl_port_caps_on_dec_start :15062 sp=0x7f889ebb40/14 dec start 0x7f898c4c18 type 23 ver 0303 len 53 (b3 8b 5f a7 06 ce 85 5f 8d 0c 9d ab 3f 00 05 33 3b c4 2e 29 b0 1e 00 11 52 75 34 23 7e 27 7b 5b 99 5a 2e e2 56 8c c8 e7 aa 09 b5 e2 e8 03 64 5f f9 70 b7 12 d9 )
[V]2024-07-08 11:13:56.108787 [p:13074] wad_ssl_port_caps_on_dec_done :15087 sp=0x7f889ebb40/14 dec done 0x7f898c4c18 type 22 ver 0303 status 0 len 36 (14 00 00 20 fe 9b 9a ff 19 35 67 74 e8 27 fe 55 e4 d5 b4 c7 7a a0 28 4c 48 23 7e f1 21 ad 7e 16 9d db c0 73 )
[I]2024-07-08 11:13:56.108807 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 33/32 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/36/260 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.108821 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 5 hs 33/32 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 1/36/36 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[V]2024-07-08 11:13:56.108836 [p:13074] wad_ssl_port_caps_on_handshake_recv:10741 sp=0x7f889ebb40/14 recv type=20 len=36
[V]2024-07-08 11:13:56.108892 [p:13074] wad_ssl_port_caps_on_keys :11460 sp=0x7f889ebb40/14 client_write_key 7b ac d8 5e 9f 29 6c 8b f1 6d d1 8a 50 7e ed ca
[V]2024-07-08 11:13:56.108911 [p:13074] wad_ssl_port_caps_on_keys :11467 sp=0x7f889ebb40/14 server_write_key c6 1d 1b 20 75 cd 64 bb 59 46 f5 16 32 a0 a7 33
[V]2024-07-08 11:13:56.108928 [p:13074] wad_ssl_port_caps_on_keys :11475 sp=0x7f889ebb40/14 client_write_iv f7 2b 69 b8 26 58 71 e6 83 b7 a7 33
[V]2024-07-08 11:13:56.108944 [p:13074] wad_ssl_port_caps_on_keys :11484 sp=0x7f889ebb40/14 server_write_iv 31 be d9 68 86 00 41 2a 73 4a b8 af
[V]2024-07-08 11:13:56.108985 [p:13074] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f889ebb40/14 start=0 len=6
[V]2024-07-08 11:13:56.108997 [p:13074] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f889ebb40/14 state=1 fts-input=6 proxy-input=0
[V]2024-07-08 11:13:56.109007 [p:13074] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f889ebb40/14 ib-len=6
[V]2024-07-08 11:13:56.109017 [p:13074] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f36b0) sync 6
[V]2024-07-08 11:13:56.109040 [p:13074] wad_ssl_port_caps_on_handshake_sent:11239 sp=0x7f889ebb40/14 sent type=20
[V]2024-07-08 11:13:56.109075 [p:13074] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f889ebb40/14 enc start 0x7f898c4978 type 22 ver 0303 len 36 (14 00 00 20 f4 69 2d bd 90 d7 8a bb 57 92 e1 4a 65 0f 89 6f f4 a1 c8 1c ef 4d bf bd ec 0c 71 78 65 9c 28 52 )
[V]2024-07-08 11:13:56.109138 [p:13074] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f889ebb40/14 enc done 0x7f898c4978 type 22 ver 0303 status 0 len 58 (17 03 03 00 35 b0 17 e2 fa 92 59 38 19 15 5f 38 ee fb 3d fc a0 bb 5a f1 85 0e af ee 6e 14 8e 75 4b 77 83 19 c0 08 a8 ea 7b ef 3e 61 6f b1 69 60 9e 58 52 3a d6 e8 7d 93 63 4a )
[V]2024-07-08 11:13:56.109148 [p:13074] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f889ebb40/14 start=0 len=58
[V]2024-07-08 11:13:56.109157 [p:13074] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f889ebb40/14 state=1 fts-input=58 proxy-input=0
[V]2024-07-08 11:13:56.109165 [p:13074] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f889ebb40/14 ib-len=58
[V]2024-07-08 11:13:56.109173 [p:13074] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f36b0) sync 64
[I]2024-07-08 11:13:56.109190 [p:13074] wad_ssl_clt_on_handshake_done :10232 sp=0x7f889ebb40/14 no_session_cache=0
[I]2024-07-08 11:13:56.109198 [p:13074] wad_ssl_common_on_handshake_done :10045 sp=0x7f889ebb40/14 SSL handshake done! cipher-num=0x1301

 
  • Proxy -> Server - Certificate authenticated.


[I]2024-07-08 11:13:56.109214 [p:13074] wad_ssl_cic_handshake_done :455 task=0x7f889de048 oid=7858927882152766408 host=0x7f84c06828/wss.dsrsd.pt hash=0x7f84c07158: auth result: status=fnbam cert_status=unstable
[I]2024-07-08 11:13:56.109238 [p:13074] wad_ssl_cic_core_dump_item :221 cic-core add new item host='wss.dsrsd.pt' age=20-0 oid=7858927882152766408 sni-mismatch=0 auth result: status=fnbam cert_status=unstable untrusted
[I]2024-07-08 11:13:56.109269 [p:13074] wad_ssl_app_port_out_ops_close :17979 sp=0x7f889ebb40/14 closed=0 out_shutdown=0 graceful=0
[I]2024-07-08 11:13:56.109280 [p:13074] wad_ssl_sock_port_out_ops_close :17209 sp=0x7f889ebb40/14 closed=0
[I]2024-07-08 11:13:56.109290 [p:13074] wad_tcp_port_transport_close :1097 0x7f889f36b0 has bytes to sync 64
[I]2024-07-08 11:13:56.109297 [p:13074] wad_tcp_port_transport_close :1101 sock 119 read_block enforced, turn off readability.
[I]2024-07-08 11:13:56.109306 [p:13074] wad_ssl_cic_client_task_async_run :1799 task(0x7f889de048) finished!
[I]2024-07-08 11:13:56.109314 [p:13074] wad_ssl_cic_client_ctx_async_run :2004 ctx(0x7f889e4048) finished!
[I]2024-07-08 11:13:56.109322 [p:13074] wad_ssl_proxy_srv_on_cic_lookup_resp:12997 wsp(0x7f889eb798/6) result (ret: 1, dns: 0, cache: 0, fwd: 4)!
[I]2024-07-08 11:13:56.109331 [p:13074] wad_ssl_cic_client_close_ctx :2472 ctx(0x7f889e4048) is closing!
[I]2024-07-08 11:13:56.109338 [p:13074] wad_ssl_proxy_srv_on_cic_lookup_done:12892 wsp(0x7f889eb798/6) item: 0x7f88235048, result: (ret: 1, dns: 0, cache: 0, fwd: 4)!
[I]2024-07-08 11:13:56.109353 [p:13074] wad_ssl_proxy_cert_hostname_check :12680 ses_ctx=0x7f88db5c08 sp=0x7f889eb3f0/7 ssl_proc=pucsn host=wss.dsrsd.pt [cert_src=2 url_src=2 cert=1 sni=1 mismatch=0]
[I]2024-07-08 11:13:56.109366 [p:13074] wad_ssl_cert_get_auth_status :2361 cert:status=fnbam result=unstable untrusted stale=0 ocsp:status=good reason=unspecified cfg:expired=2 revoked=2 timeout=1 failure=2 untrusted=1
[I]2024-07-08 11:13:56.109380 [p:13074] wad_ssl_proxy_clt_continue_server_cert_check:11010 wsp(0x7f889eb3f0/7) got auth_status(untrusted) from cic!
[I]2024-07-08 11:13:56.109388 [p:13074] wad_ssl_proxy_clt_continue_server_cert_check_bypass:10925 sp=0x7f889eb3f0/7 exempt=unknown.x_none bypass after cert trusted
[I]2024-07-08 11:13:56.109397 [p:13074] wad_ssl_proxy_clt_bypass_check_before_set_cert:3143 wsp(0x7f889eb3f0/7) auth_status=untrusted sni_check=1 bypass_cert=1 intercept_type=pass
[I]2024-07-08 11:13:56.109425 [p:13074] wad_ssl_proxy_bypass_after_exempt_check:11115 wsp(0x7f889eb3f0/7) got a chance to forward CH. clt(0x7f889eb798) ch(0x7f88c59388)

 
  • Original TLS Session Resumed.


[V]2024-07-08 11:13:56.109839 [p:13074] wad_ssl_port_caps_on_enc_start :15012 sp=0x7f889eb3f0/7 enc start 0x7f88d8b7c8 type 22 ver 0301 len 591 (01 00 02 4b 03 03 06 57 eb 6a e7 be c6 c8 59 3b 75 c0 01 a5 26 38 ea 94 41 12 42 99 c5 48 b0 86 6f 77 bc d4 ae 14 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 00 20 1a 1a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 01 e2 2a 2a 00 00 00 2b 00 07 06 2a 2a 03 04 03 03 00 0a 00 0a 00 08 5a 5a 00 1d 00 17 00 18 00 33 00 2b 00 29 5a 5a 00 01 00 00 1d 00 20 48 72 cb e7 43 e2 bb 9a bb b6 80 d7 06 30 f3 00 7c 8f ec d8 02 09 e9 e4 8a 12 e8 1b 77 d1 cc 15 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 05 00 05 01 00 00 00 00 ff 01 00 01 00 00 23 00 00 00 0b 00 02 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 12 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e 31 44 69 00 05 00 03
[V]2024-07-08 11:13:56.110275 [p:13074] wad_ssl_port_caps_on_enc_done :15039 sp=0x7f889eb3f0/7 enc done 0x7f88d8b7c8 type 22 ver 0301 status 0 len 596 (16 03 01 02 4f 01 00 02 4b 03 03 06 57 eb 6a e7 be c6 c8 59 3b 75 c0 01 a5 26 38 ea 94 41 12 42 99 c5 48 b0 86 6f 77 bc d4 ae 14 20 a0 05 aa dc 04 ac 4e 25 6c e8 65 52 53 30 ce af 4b a5 ab 69 fc db c5 a6 fb cc 43 80 17 55 3c 2d 00 20 1a 1a 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 01 00 01 e2 2a 2a 00 00 00 2b 00 07 06 2a 2a 03 04 03 03 00 0a 00 0a 00 08 5a 5a 00 1d 00 17 00 18 00 33 00 2b 00 29 5a 5a 00 01 00 00 1d 00 20 48 72 cb e7 43 e2 bb 9a bb b6 80 d7 06 30 f3 00 7c 8f ec d8 02 09 e9 e4 8a 12 e8 1b 77 d1 cc 15 00 0d 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 1b 00 03 02 00 02 00 05 00 05 01 00 00 00 00 ff 01 00 01 00 00 23 00 00 00 0b 00 02 01 00 00 00 00 11 00 0f 00 00 0c 77 73 73 2e 64 73 72 73 64 2e 70 74 00 12 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2
[V]2024-07-08 11:13:56.110317 [p:13074] wad_ssl_sock_port_fts_in_write :15780 sp=0x7f889eb3f0/7 start=0 len=596
[V]2024-07-08 11:13:56.110326 [p:13074] wad_ssl_sock_port_out_ops_sync :17172 sp=0x7f889eb3f0/7 state=1 fts-input=596 proxy-input=0
[V]2024-07-08 11:13:56.110335 [p:13074] wad_ssl_sock_port_exec_dn_forward :16932 sp=0x7f889eb3f0/7 ib-len=596
[V]2024-07-08 11:13:56.110343 [p:13074] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f3420) sync 596
[I]2024-07-08 11:13:56.110351 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb3f0/7 cts 2 pts 2 hs 3/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.110365 [p:13074] wad_ssl_proxy_bypass :4920 sp=0x7f889eb3f0/7 bypassing=0 cache=1!
[I]2024-07-08 11:13:56.110375 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 2 pts 2 hs 25/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 1 pti 0/0/587 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.110389 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb798/6 cts 2 pts 6 hs 34/2 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/587 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.110403 [p:13074] wad_ssl_port_enter_bypass :4761 wsp=0x7f889eb798/6 entered bypass
[I]2024-07-08 11:13:56.110411 [p:13074] wad_ssl_port_enter_bypass :4761 wsp=0x7f889eb3f0/7 entered bypass
[I]2024-07-08 11:13:56.110419 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889eb3f0/7 cts 2 pts 6 hs 34/0 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/0 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.110433 [p:13074] wad_ssl_negotiate_close :2264 nego=0x7f88cb52c8
[I]2024-07-08 11:13:56.110445 [p:13074] wad_ssl_negotiate_close :2264 nego=0x7f88cb5be0
[I]2024-07-08 11:13:56.110455 [p:13074] wad_ssl_proxy_clt_set_server_cert :3223 wsp=0x7f889eb3f0/2way_peer_clt ret=1 certs=0 cert=0 auth-fail=0 ssl_proc=pucsn
[I]2024-07-08 11:13:56.110464 [p:13074] wad_ssl_proxy_clt_set_server_cert :3233 wsp(0x7f889eb3f0/7) bypassing.
[I]2024-07-08 11:13:56.110473 [p:13074] wad_ssl_cic_client_task_ctx_cnt_put:1527 task(0x7f889de048) has no more ctx!
[I]2024-07-08 11:13:56.110482 [p:13074] wad_ssl_cic_client_task_free :1486 task(0x7f889de048) freed!
[I]2024-07-08 11:13:56.110503 [p:13074] wad_ssl_port_caps_on_task :12099 wsp=0x7f889ebb40/14 cts 2 pts 3 hs 34/33 cpcs 0 ppcs 0 se 0 ed 0/0 ph 0 pti 0/0/32 cti 0/0 ci 0/0/5 cto 0/0 wb 0/0
[I]2024-07-08 11:13:56.110518 [p:13074] wad_ssl_port_close :20654 sp=0x7f889ebb40/14 state=5, half=0
[I]2024-07-08 11:13:56.110537 [p:13074] wad_ssl_negotiate_close :2264 nego=0x7f88cb55d0
[I]2024-07-08 11:13:56.110599 [p:13074] wad_tcp_port_flush :1556 sock 119 write (2,64,64) n_written=64 tcp_port 0x7f889f36b0
[I]2024-07-08 11:13:56.110692 [p:13074] wad_tcp_port_proc_end :809 tcp=0x7f889f36b0 socket=119 good=0 both ends closed.
[I]2024-07-08 11:13:56.110734 [p:13074] wad_tcp_port_end_event :764 sock 119 close
[I]2024-07-08 11:13:56.110753 [p:13074] wad_tcp_port_proc_end :855 tcp 0x7f889f36b0 closed on sock 119
[I]2024-07-08 11:13:56.110769 [p:13074] wad_tcp_port_put :627 free tcp_port=0x7f889f36b0
[I]2024-07-08 11:13:56.110809 [p:13074][s:475587] wad_tcp_port_flush :1556 sock 116 write (1,596,596) n_written=596 tcp_port 0x7f889f3420
[I]2024-07-08 11:13:56.112435 [p:13074] wad_unix_stream_flush_data :595 WAD unix stream stream 0x7f8a106fc8 write (1,72)
[V]2024-07-08 11:13:56.112550 [p:13074] wad_ssl_cic_conn_on_notify_output :549 cni(0x7f89931d58)
[V]2024-07-08 11:13:56.112560 [p:13074] wad_ssl_cicc_on_blocked :1336 clt(0x7f891e1048) blocked(0)
[I]2024-07-08 11:13:56.116358 [p:13074][s:475587] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=116 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.116389 [p:13074][s:475587] wad_tcp_port_on_read :1763 sock 116 read (0,4080)
[V]2024-07-08 11:13:56.117239 [p:13074][s:475587] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889eb3f0/7 len=1884
[V]2024-07-08 11:13:56.117250 [p:13074][s:475587] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889eb3f0/7 sync state=1 start
[V]2024-07-08 11:13:56.117259 [p:13074][s:475587] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f889eb3f0/7
[V]2024-07-08 11:13:56.117269 [p:13074][s:475587] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f32d8) sync 1884
[V]2024-07-08 11:13:56.117279 [p:13074][s:475587] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f3420 window-type 3 set 1 SNDBUF 131072 RCVBUF 349520
[V]2024-07-08 11:13:56.117298 [p:13074][s:475587] wad_tcp_port_update_fixed_window :389 tcp_port 0x7f889f3420 fixed window size set to 163840
[I]2024-07-08 11:13:56.117357 [p:13074][s:475587] wad_tcp_port_flush :1556 sock 115 write (1,1884,1884) n_written=1884 tcp_port 0x7f889f32d8
[I]2024-07-08 11:13:56.120188 [p:13074][s:475587] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=115 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.120205 [p:13074][s:475587] wad_tcp_port_on_read :1763 sock 115 read (596,3484)
[V]2024-07-08 11:13:56.120294 [p:13074][s:475587] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889eb798/6 len=64
[V]2024-07-08 11:13:56.120303 [p:13074][s:475587] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889eb798/6 sync state=1 start
[V]2024-07-08 11:13:56.120312 [p:13074][s:475587] wad_ssl_sock_port_exec_up_forward :16257 sp=0x7f889eb798/6
[V]2024-07-08 11:13:56.120320 [p:13074][s:475587] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f3420) sync 64
[V]2024-07-08 11:13:56.120329 [p:13074][s:475587] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f32d8 window-type 3 set 1 SNDBUF 327680 RCVBUF 327680
[I]2024-07-08 11:13:56.120367 [p:13074][s:475587] wad_tcp_port_flush :1556 sock 116 write (1,64,64) n_written=64 tcp_port 0x7f889f3420
[I]2024-07-08 11:13:56.122093 [p:13074][s:475587] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=115 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.122111 [p:13074][s:475587] wad_tcp_port_on_read :1763 sock 115 read (660,3420)
[V]2024-07-08 11:13:56.122869 [p:13074][s:475587] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889eb798/6 len=688
[V]2024-07-08 11:13:56.122879 [p:13074][s:475587] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889eb798/6 sync state=1 start
[V]2024-07-08 11:13:56.122888 [p:13074][s:475587] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f3420) sync 688
[V]2024-07-08 11:13:56.122897 [p:13074][s:475587] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f32d8 window-type 3 set 1 SNDBUF 327680 RCVBUF 327680
[I]2024-07-08 11:13:56.122953 [p:13074][s:475587] wad_tcp_port_flush :1556 sock 116 write (1,688,688) n_written=688 tcp_port 0x7f889f3420
[I]2024-07-08 11:13:56.124033 [p:13074][s:475587] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=116 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.124050 [p:13074][s:475587] wad_tcp_port_on_read :1763 sock 116 read (1884,2196)
[V]2024-07-08 11:13:56.124259 [p:13074][s:475587] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889eb3f0/7 len=158
[V]2024-07-08 11:13:56.124281 [p:13074][s:475587] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889eb3f0/7 sync state=1 start
[V]2024-07-08 11:13:56.124291 [p:13074][s:475587] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f32d8) sync 158
[V]2024-07-08 11:13:56.124300 [p:13074][s:475587] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f3420 window-type 3 set 1 SNDBUF 327680 RCVBUF 327680
[I]2024-07-08 11:13:56.124335 [p:13074][s:475587] wad_tcp_port_flush :1556 sock 115 write (1,158,158) n_written=158 tcp_port 0x7f889f32d8
[I]2024-07-08 11:13:56.130773 [p:13074][s:475587] wad_tcp_port_on_event :1887 start processing tcp event=0x1 events=0x1 fd=116 n_out_block=0 state=2 close/shut=0/0 n_out_block=0
[I]2024-07-08 11:13:56.130797 [p:13074][s:475587] wad_tcp_port_on_read :1763 sock 116 read (2042,2038)
[V]2024-07-08 11:13:56.131521 [p:13074][s:475587] wad_ssl_sock_port_in_ops_read_buff:16574 sp=0x7f889eb3f0/7 len=633
[V]2024-07-08 11:13:56.131533 [p:13074][s:475587] wad_ssl_sock_port_in_ops_sync :16584 sp=0x7f889eb3f0/7 sync state=1 start
[V]2024-07-08 11:13:56.131542 [p:13074][s:475587] wad_tcp_port_out_read_sync :944 tcp_port(0x7f889f32d8) sync 633
[V]2024-07-08 11:13:56.131551 [p:13074][s:475587] wad_tcp_port_window_adjust :463 tcp_port 0x7f889f3420 window-type 3 set 1 SNDBUF 327680 RCVBUF 327680
[I]2024-07-08 11:13:56.131593 [p:13074][s:475587] wad_tcp_port_flush :1556 sock 115 write (1,633,633) n_written=633 tcp_port 0x7f889f32d8

 

After collecting the logs, it is necessary to debug the specific process, and for that, it needs to enter the process context. It is possible to enter the process context by using the command 'diagnose test application wad 2x0y' where x is the process type and y is the process index. As shown below, PID 13074 is a worker (2) and its index is 0. It is necessary to issue 'diagnose test application wad 2200' to enter the interesting process context.
 
  • List WAD Processes.

 

DSRSD_FW # diagnose test application wad 1000
Process [0]: WAD manager type=manager(0) pid=13062 diagnosis=yes.
Process [1]: type=worker(2) index=0 pid=13074 state=running
              diagnosis=no debug=enable valgrind=supported/disabled
Process [2]: type=algo(3) index=0 pid=13073 state=running
              diagnosis=no debug=enable valgrind=unsupported/disabled
Process [3]: type=informer(4) index=0 pid=13066 state=running
              diagnosis=no debug=enable valgrind=unsupported/disabled
Process [4]: type=user-info(5) index=0 pid=13067 state=running
              diagnosis=no debug=enable valgrind=supported/disabled
Process [5]: type=dev-vuln(6) index=0 pid=13068 state=running
              diagnosis=no debug=enable valgrind=supported/disabled
Process [6]: type=cert-inspection(9) index=0 pid=13072 state=running
              diagnosis=no debug=enable valgrind=unsupported/disabled
Process [7]: type=user-info-history(11) index=0 pid=13069 state=running
              diagnosis=no debug=enable valgrind=supported/disabled
Process [8]: type=debug(12) index=0 pid=13070 state=running
              diagnosis=no debug=enable valgrind=unsupported/disabled
Process [9]: type=config-notify(13) index=0 pid=13071 state=running
              diagnosis=no debug=enable valgrind=unsupported/disabled
 
  • Enter process context.

 

DSRSD_FW # diagnose test application wad 2200
    set diagnosis process: type=worker index=0 pid=13074
 
After entering the process context, it is possible to list the TCP Port Information to find the Client -> Proxy and Proxy -> Server specifics.
 
  • Display TCP Port Information.

 

DSRSD_FW # diagnose test application wad 22
TCP stats: active=3 accepts=37 connects=20 accept_err=0
           connect_err=0 bind_fails=0 make_failure=0 connected=20
           too_many_write_blocks=0 read_end_write_blocked=0
           timer start/timeout=37/0
TCP port=0x7f889f32d8 ses_ctx=0x7f88db5c08 sock=115/115 is_conn=0 state=2    <--- Client/Proxy
        process=0 snfbuf=327680 rcvbuf=327680
        closed(grace/out/in/sock)=0(0/0/0/0)
        85.245.105.249:20574-->144.64.251.248:8444
TCP port=0x7f889f3420 ses_ctx=0x7f88db5c08 sock=116/116 is_conn=1 state=2    <--- Proxy/Server
        process=0 snfbuf=327680 rcvbuf=327680
        closed(grace/out/in/sock)=0(0/0/0/0)
        85.245.105.249:20574-->192.168.20.18:443
 
Now, with all this information, it is possible to analyze the WAD debug more easily.

 

514
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.