Dustin Lundquist

@cyberjacob I don't think the increased size of the IPv6 header is your problem, but it could be that the downstream server is looking at the TCP segmentation and inferring...

@cyberjacob No, I was referring to the ipv6_v6only listener option, this disables the Linux default behavior that a socked listening on `[::]` will receive connections to any IPv4 address bound...

Overall looks great. I wanted to avoid creating a dependencies for the protocol parsers on other modules (besides logger module and protocol header), can we avoid passing a reference to...

I haven't forgotten about this one. Hopefully I'll have some time this weekend to dig in further.

Sorry for the long delay getting back to you, I haven't had much time to work on sniproxy over the last month. I'm still not real happy with the level...

@akorn SNIproxy currently supports using IP_TRANSPARENT in conjunction with iptables to impersonate the original client address (see `tests/transparent_proxy_test`). Using it as a general purpose byte pump learning the ultimate destination...

@robinbowes You might consider using the package from Fedora: http://pkgs.fedoraproject.org/cgit/sniproxy.git/tree/

Looks good. Is it worth using calloc() for group list allocation should the group list change during the operation? Mind adding updating the config man page?

It looks like this could be done by replacing `pcre_exec()` with `pcre2_substitute()`[1]. I'm not sure how much value there is in this, since when proxying TLS the backend server will...

I'm not opposed to this feature. I think the present use of regular expressions can be confusing to some users who assume it is just wildcard globbing. I'm also considering...