Update toolchain once more

Signed-off-by: Jacob Kiers <code@kiers.eu>
Disable default features for self_update
2024-06-22 15:20:28 +02:00 · 2024-06-22 15:12:26 +02:00 · 2024-06-22 14:57:51 +02:00 · 2024-06-22 14:33:01 +02:00 · 2024-06-22 13:55:01 +02:00 · 2024-06-22 13:54:41 +02:00
18 changed files with 114 additions and 1822 deletions
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -1,5 +1,5 @@
 local executableName = 'l4p';
-local build_image = 'img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.11.0-zig';
+local build_image = 'img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.12.1-zig';
 local archs = [
  { target: 'aarch64-unknown-linux-musl', short: 'arm64-musl' },
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@@ -1,52 +0,0 @@
 when:
  - event:
    - push
    - tag
    - manual
 matrix:
  include:
    - TARGET: x86_64-unknown-linux-musl
      SHORT: amd64-musl
      BIN_SUFFIX:
    - TARGET: aarch64-unknown-linux-musl
      SHORT: arm64-musl
      BIN_SUFFIX:
    - TARGET: x86_64-pc-windows-gnu
      SHORT: windows
      BIN_SUFFIX: .exe
 steps:
  - name: Prepare
    image: img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.11.0-zig
    commands:
      - echo Using image img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.11.0-zig
      - mkdir -p artifacts
      - cargo --version
      - rustc --version
  - name: Build for ${SHORT}
    image: img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.11.0-zig
    commands:
      - echo Building ${TARGET} \(${SHORT}\)
      - cargo zigbuild --release --target ${TARGET}
      - mkdir -p artifacts
      - cp target/${TARGET}/release/l4p${BIN_SUFFIX} artifacts/l4p-${TARGET}${BIN_SUFFIX}
      - rm -rf target/${TARGET}/release/*
    depends_on:
      - Prepare
  - name: Release
    image: img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.11.0-zig
    when:
      - event: tag
    commands:
      - ls -lah artifacts
      - scripts/create_release_artifacts.sh
    environment:
      GITEA_SERVER_URL: https://code.kiers.eu
      GITEA_SERVER_TOKEN:
        from_secret: gitea_token
    depends_on:
      - Build for ${SHORT}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,19 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ## [0.1.10] - 2025-01-09
 ### Fixed
 * The ClientHello TLS header is now read in full before it is parsed, solving
  an error where there was not enough data to fully read it. In those cases
  it was not possible to determine the upstream address and therefore the proxy
  would go the the default action instead.
 ### Changed
 * Updated some dependencies to prevent the build from breaking.
 ## [0.1.9] - 2024-06-22
 ### Deprecated
@@ -41,10 +28,10 @@ The ability to run `l4p` without arguments is now deprecated. Please use
 ## Previous versions
 [unreleased]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.9...HEAD
 [0.1.10]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.9...v0.1.10
 [0.1.9]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.8...v0.1.9
 Types of changes:
 * `Added` for new features.
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 4
+version = 3
 [[package]]
 name = "addr2line"
@@ -37,12 +37,6 @@ dependencies = [
 "syn 2.0.50",
 ]
 [[package]]
 name = "atomic-waker"
 version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 [[package]]
 name = "autocfg"
 version = "1.1.0"
@@ -140,6 +134,15 @@ version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
 [[package]]
 name = "enum_primitive"
 version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "be4551092f4d519593039259a9ed8daedf0da12e5109c5280338073eaeb81180"
 dependencies = [
 "num-traits 0.1.43",
 ]
 [[package]]
 name = "env_logger"
 version = "0.10.2"
@@ -305,30 +308,11 @@ version = "0.28.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
 [[package]]
 name = "h2"
 version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e"
 dependencies = [
 "atomic-waker",
 "bytes",
 "fnv",
 "futures-core",
 "futures-sink",
 "http",
 "indexmap",
 "slab",
 "tokio",
 "tokio-util",
 "tracing",
 ]
 [[package]]
 name = "hashbrown"
-version = "0.15.2"
+version = "0.14.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
+checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"
 [[package]]
 name = "hermit-abi"
@@ -391,7 +375,6 @@ dependencies = [
 "bytes",
 "futures-channel",
 "futures-util",
 "h2",
 "http",
 "http-body",
 "httparse",
@@ -452,9 +435,9 @@ dependencies = [
 [[package]]
 name = "indexmap"
-version = "2.7.0"
+version = "2.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
+checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177"
 dependencies = [
 "equivalent",
 "hashbrown",
@@ -516,7 +499,7 @@ dependencies = [
 [[package]]
 name = "l4p"
-version = "0.1.12"
+version = "0.1.9"
 dependencies = [
 "async-trait",
 "byte_string",
@@ -525,7 +508,6 @@ dependencies = [
 "log",
 "pico-args",
 "pretty_env_logger",
 "psl",
 "self_update",
 "serde",
 "serde_yaml",
@@ -645,6 +627,24 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 [[package]]
 name = "num-traits"
 version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31"
 dependencies = [
 "num-traits 0.2.18",
 ]
 [[package]]
 name = "num-traits"
 version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a"
 dependencies = [
 "autocfg",
 ]
 [[package]]
 name = "num_cpus"
 version = "1.16.0"
@@ -655,27 +655,6 @@ dependencies = [
 "libc",
 ]
 [[package]]
 name = "num_enum"
 version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179"
 dependencies = [
 "num_enum_derive",
 ]
 [[package]]
 name = "num_enum_derive"
 version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56"
 dependencies = [
 "proc-macro-crate",
 "proc-macro2",
 "quote",
 "syn 2.0.50",
 ]
 [[package]]
 name = "num_threads"
 version = "0.1.7"
@@ -737,18 +716,18 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
 [[package]]
 name = "phf"
-version = "0.11.3"
+version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd6780a80ae0c52cc120a26a1a42c1ae51b247a253e4e06113d23d2c2edd078"
+checksum = "fabbf1ead8a5bcbc20f5f8b939ee3f5b0f6f281b6ad3468b84656b658b455259"
 dependencies = [
 "phf_shared",
 ]
 [[package]]
 name = "phf_codegen"
-version = "0.11.3"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aef8048c789fa5e851558d709946d6d79a8ff88c0440c587967f8e94bfb1216a"
+checksum = "4fb1c3a8bc4dd4e5cfce29b44ffc14bedd2ee294559a294e2a4d4c9e9a6a13cd"
 dependencies = [
 "phf_generator",
 "phf_shared",
@@ -756,9 +735,9 @@ dependencies = [
 [[package]]
 name = "phf_generator"
-version = "0.11.3"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c80231409c20246a13fddb31776fb942c38553c51e871f8cbd687a4cfb5843d"
+checksum = "5d5285893bb5eb82e6aaf5d59ee909a06a16737a8970984dd7746ba9283498d6"
 dependencies = [
 "phf_shared",
 "rand",
@@ -766,9 +745,9 @@ dependencies = [
 [[package]]
 name = "phf_shared"
-version = "0.11.3"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67eabc2ef2a60eb7faa00097bd1ffdb5bd28e62bf39990626a582201b7a754e5"
+checksum = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096"
 dependencies = [
 "siphasher",
 ]
@@ -839,15 +818,6 @@ dependencies = [
 "log",
 ]
 [[package]]
 name = "proc-macro-crate"
 version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ecf48c7ca261d60b74ab1a7b20da18bede46776b2e55535cb958eb595c5fa7b"
 dependencies = [
 "toml_edit",
 ]
 [[package]]
 name = "proc-macro2"
 version = "1.0.78"
@@ -857,26 +827,11 @@ dependencies = [
 "unicode-ident",
 ]
 [[package]]
 name = "psl"
 version = "2.1.199"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "70b63978a2742d3f662188698ab45854156e7e34658f53fa951e9253a3dfd583"
 dependencies = [
 "psl-types",
 ]
 [[package]]
 name = "psl-types"
 version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
 [[package]]
 name = "quick-xml"
-version = "0.37.2"
+version = "0.23.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "165859e9e55f79d67b96c5d96f4e88b6f2695a1972849c15a6a3f5c59fc2c003"
+checksum = "11bafc859c6815fbaffbbbf4229ecb767ac913fecb27f9ad4343662e9ef099ea"
 dependencies = [
 "memchr",
 ]
@@ -1016,7 +971,6 @@ dependencies = [
 "futures-channel",
 "futures-core",
 "futures-util",
 "h2",
 "http",
 "http-body",
 "http-body-util",
@@ -1170,9 +1124,9 @@ dependencies = [
 [[package]]
 name = "self_update"
-version = "0.42.0"
+version = "0.40.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d832c086ece0dacc29fb2947bb4219b8f6e12fe9e40b7108f9e57c4224e47b5c"
+checksum = "4e4997484b55df069a4773d822715695b2cc27b23829eca2a4b41690e948bdeb"
 dependencies = [
 "hyper",
 "indicatif",
@@ -1260,9 +1214,9 @@ dependencies = [
 [[package]]
 name = "siphasher"
-version = "1.0.1"
+version = "0.3.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56199f7ddabf13fe5074ce809e7d3f42b42ae711800501b5b16ea82ad029c39d"
+checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d"
 [[package]]
 name = "slab"
@@ -1372,9 +1326,9 @@ dependencies = [
 [[package]]
 name = "time"
-version = "0.3.37"
+version = "0.3.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21"
+checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749"
 dependencies = [
 "deranged",
 "itoa",
@@ -1395,9 +1349,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
 [[package]]
 name = "time-macros"
-version = "0.2.19"
+version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de"
+checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774"
 dependencies = [
 "num-conv",
 "time-core",
@@ -1420,13 +1374,13 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tls-parser"
-version = "0.12.2"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22c36249c6082584b1f224e70f6bdadf5102197be6cfa92b353efe605d9ac741"
+checksum = "409206e2de64edbf7ea99a44ac31680daf9ef1a57895fb3c5bd738a903691be0"
 dependencies = [
 "enum_primitive",
 "nom",
 "nom-derive",
 "num_enum",
 "phf",
 "phf_codegen",
 "rusticata-macros",
@@ -1473,36 +1427,6 @@ dependencies = [
 "tokio",
 ]
 [[package]]
 name = "tokio-util"
 version = "0.7.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078"
 dependencies = [
 "bytes",
 "futures-core",
 "futures-sink",
 "pin-project-lite",
 "tokio",
 ]
 [[package]]
 name = "toml_datetime"
 version = "0.6.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
 [[package]]
 name = "toml_edit"
 version = "0.22.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ae48d6208a266e853d946088ed816055e556cc6028c5e8e2b84d9fa5dd7c7f5"
 dependencies = [
 "indexmap",
 "toml_datetime",
 "winnow",
 ]
 [[package]]
 name = "tower"
 version = "0.4.13"
@@ -1886,15 +1810,6 @@ version = "0.52.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0770833d60a970638e989b3fa9fd2bb1aaadcf88963d1659fd7d9990196ed2d6"
 [[package]]
 name = "winnow"
 version = "0.6.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39281189af81c07ec09db316b302a3e67bf9bd7cbf6c820b50e35fee9c2fa980"
 dependencies = [
 "memchr",
 ]
 [[package]]
 name = "winreg"
 version = "0.52.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "l4p"
-version = "0.1.12"
+version = "0.1.9"
 edition = "2021"
 authors = ["Jacob Kiers <code@kiers.eu>"]
 license = "Apache-2.0"
@@ -29,13 +29,12 @@ pico-args = "0.5.0"
 pretty_env_logger = "0.5"
 serde = { version = "1.0", features = ["derive"] }
 serde_yaml = "0.9.21"
-time = { version = "0.3.37", features = ["local-offset", "formatting"] }
+time = { version = "0.3.1", features = ["local-offset", "formatting"] }
-tls-parser = "0.12.2"
+tls-parser = "0.11"
 tokio = { version = "1.0", features = ["full"] }
 url = "2.2.2"
 psl = "2.1"
 [dependencies.self_update]
-version = "0.42.0"
+version = "0.40.0"
 default-features = false
 features = ["rustls"]
--- a/README.md
+++ b/README.md
@@ -31,13 +31,6 @@ $ cargo install l4p
 Or you can download binary file form the Release page.
 ## Features
 - Listen on specific port and proxy to local or remote port
 - SNI-based rule without terminating TLS connection
 - Wildcard SNI matching with DNS-style longest-suffix-match
 - DNS-based backend with periodic resolution
 ## Configuration
 `l4p` will read yaml format configuration file from `/etc/l4p/l4p.yaml`, and you can set custom path to environment variable `L4P_CONFIG`, here is an minimal viable example:
@@ -62,14 +55,6 @@ There are two upstreams built in:
 For detailed configuration, check [this example](./config.yaml.example).
 ### SNI Matching
 The proxy supports both exact and wildcard SNI patterns in the `sni` config. Wildcards use DNS-style longest-suffix-match: more specific patterns take precedence. For example, with `*.example.com` and `*.api.example.com`, request `api.example.com` matches the first, while `v2.api.example.com` matches the second.
 Wildcards are validated against the Public Suffix List (PSL). Known suffixes (`.com`, `.org`) require at least one label below the suffix (`*.example.com` OK, `*.com` rejected). Unknown suffixes (`.local`, `.lan`) are allowed without restriction.
 Invalid wildcard patterns are rejected at config load time with clear error messages.
 ## Thanks
 - [`fourth`](https://crates.io/crates/fourth), of which this is a heavily modified fork.
--- a/config.yaml.example
+++ b/config.yaml.example
@@ -10,9 +10,6 @@ servers:
    sni:
      api.example.org: example-api
      www.example.org: proxy
      *.example.org: wildcard-proxy   # Matches any subdomain of example.org
      *.dev.example.org: dev-proxy    # More specific: matches v2.dev.example.org, etc.
      *.local: local-upstream         # Unknown suffix - allowed (no PSL restriction)
    default: ban
  second-server:
@@ -22,6 +19,3 @@ servers:
 upstream:
  proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443
  example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443
  wildcard-proxy: "tcp://wildcard.example.org:443"
  dev-proxy: "tcp://dev.example.org:443"
  local-upstream: "tcp://localhost:8080"
--- a/scripts/create_release_artifacts.sh
+++ b/scripts/create_release_artifacts.sh
@@ -1,50 +0,0 @@
 #!/usr/bin/env bash
 # vim: set expandtab shiftwidth=4 softtabstop=4 tabstop=4 :
 set -euo pipefail
 if [ -z "${CI_COMMIT_TAG:-}" ]; then
    echo "No commit tag set"
    exit 1
 fi
 DIR=$(realpath $(dirname "${BASH_SOURCE[0]}") )
 echo ${DIR}
 ${DIR}/install_tea.sh linux-amd64 https://gitea.com/api/v1/repos/gitea/tea/releases/latest
 ## Log in to Gitea
 TEA=$(pwd)/tea
 if [ -z "${GITEA_SERVER_URL:-}" ]; then
    if [ -z "${CI_FORGE_URL:-}" ]; then
        echo "Cannot log in to gitea: GITEA_SERVER_URL or CI_FORGE_URL missing"
        exit 1
    fi
    GITEA_SERVER_URL=${CI_FORGE_URL}
 fi
 if [ -z "${GITEA_SERVER_TOKEN:-}" ]; then
    echo "Cannot log in to gitea: GITEA_SERVER_TOKEN missing"
    exit 1
 fi
 if ! ${TEA} login ls | grep ${GITEA_SERVER_URL} 2>&1 > /dev/null || false; then
    ${TEA} login add
 else
    echo "Already logged in to ${GITEA_SERVER_URL}"
 fi
 ## Check and create tag
 if ${TEA} release ls -o json | jq -e --arg tag "${CI_COMMIT_TAG}" 'map(.["tag-_name"]) | index($tag) != null' >/dev/null; then
    echo "Release ${CI_COMMIT_TAG} exists"
 else
    echo "Creating release ${CI_COMMIT_TAG}"
    ${TEA} release create -o json --tag "${CI_COMMIT_TAG}" --title "${CI_COMMIT_TAG}" --draft
 fi
 find $(dirname ${DIR})/artifacts -type f -exec ${TEA} releases assets create -o json ${CI_COMMIT_TAG} {} +
--- a/scripts/install_tea.sh
+++ b/scripts/install_tea.sh
@@ -1,39 +0,0 @@
 #!/usr/bin/env bash
 set -eo pipefail
 if [ -x ./tea ]; then
  echo "tea already installed in current directory"; exit 0
 fi
 platform="${1:-linux-amd64}"
 src="${2:-release.json}"
 # obtain JSON: if src looks like a URL fetch it, otherwise treat as filename (or default file)
 if [[ "$src" =~ ^https?:// ]]; then
  curl -fsSL "$src" -o /tmp/release.json.$$ 
  json="/tmp/release.json.$$"
  trap 'rm -f "$json"' EXIT
 elif [ -f "$src" ]; then
  json="$src"
 else
  echo "release JSON not found; provide a filename or URL as second arg" >&2
  exit 1
 fi
 # read tag and find binary URL (exclude archives/checksums/sigs)
 tag=$(jq -r '.tag_name' "$json")
 url=$(jq -r --arg p "$platform" '.assets[]
  | select(.name | test($p))
  | select(.name | test("\\.(xz|zip|gz|tar|bz2|7z|sha256|sha256sum|sig|asc)$") | not)
  | .browser_download_url' "$json" | head -n1)
 [ -n "$url" ] || { echo "binary not found for $platform" >&2; exit 1; }
 tmp="$(mktemp)"
 trap 'rm -f "$tmp"' EXIT
 curl -fsSL "$url" -o "$tmp"
 mv "$tmp" tea
 chmod +x tea
 echo "Downloaded tag ${tag}: $url -> ./tea"
--- a/src/config/config_v1.rs
+++ b/src/config/config_v1.rs
@@ -1,4 +1,3 @@
 use crate::sni_matcher::SniMatcher;
 use crate::upstreams::ProxyToUpstream;
 use crate::upstreams::Upstream;
 use log::{debug, info, warn};
@@ -13,6 +12,14 @@ pub struct ConfigV1 {
    pub base: ParsedConfigV1,
 }
 #[derive(Debug, Default, Deserialize, Clone)]
 pub struct ParsedConfigV1 {
    pub version: i32,
    pub log: Option<String>,
    pub servers: HashMap<String, ServerConfig>,
    pub upstream: HashMap<String, Upstream>,
 }
 #[derive(Debug, Default, Deserialize, Clone)]
 pub struct BaseConfig {
    pub version: i32,
@@ -21,14 +28,6 @@ pub struct BaseConfig {
    pub upstream: HashMap<String, String>,
 }
 #[derive(Debug, Default, Clone)]
 pub struct ParsedConfigV1 {
    pub version: i32,
    pub log: Option<String>,
    pub servers: HashMap<String, ParsedServerConfig>,
    pub upstream: HashMap<String, Upstream>,
 }
 #[derive(Debug, Default, Deserialize, Clone)]
 pub struct ServerConfig {
    pub listen: Vec<String>,
@@ -37,35 +36,6 @@ pub struct ServerConfig {
    pub sni: Option<HashMap<String, String>>,
    pub default: Option<String>,
 }
 impl ServerConfig {
    pub fn into_parsed(self) -> Result<ParsedServerConfig, Vec<String>> {
        let sni = match self.sni {
            Some(sni_map) => {
                let matcher = SniMatcher::new(sni_map)?;
                Some(matcher)
            }
            None => None,
        };
        Ok(ParsedServerConfig {
            listen: self.listen,
            protocol: self.protocol,
            tls: self.tls,
            sni,
            default: self.default,
        })
    }
 }
 #[derive(Debug, Clone)]
 pub struct ParsedServerConfig {
    pub listen: Vec<String>,
    pub protocol: Option<String>,
    pub tls: Option<bool>,
    pub sni: Option<SniMatcher>,
    pub default: Option<String>,
 }
 impl TryInto<ProxyToUpstream> for &str {
    type Error = ConfigError;
@@ -132,23 +102,12 @@ impl ConfigV1 {
    }
 }
-/// Load and parse configuration from a YAML string.
+fn load_config(path: &str) -> Result<ParsedConfigV1, ConfigError> {
-///
+    let mut contents = String::new();
-/// This public function takes raw YAML content as a string and returns a parsed,
+    let mut file = File::open(path)?;
-/// validated configuration. It performs all validation including:
+    file.read_to_string(&mut contents)?;
-/// - Version checking
+
-/// - SNI pattern validation
+    let base: BaseConfig = serde_yaml::from_str(&contents)?;
 /// - Upstream URL parsing
 /// - Cross-reference validation
 ///
 /// # Arguments
 /// * `yaml_str` - The YAML configuration content as a string
 ///
 /// # Returns
 /// * `Ok(ParsedConfigV1)` - Successfully parsed and validated configuration
 /// * `Err(ConfigError)` - If YAML parsing fails or validation errors occur
 pub fn load_config_from_yaml(yaml_str: &str) -> Result<ParsedConfigV1, ConfigError> {
    let base: BaseConfig = serde_yaml::from_str(yaml_str)?;
    if base.version != 1 {
        return Err(ConfigError::Custom(
@@ -158,12 +117,11 @@ pub fn load_config_from_yaml(yaml_str: &str) -> Result<ParsedConfigV1, ConfigErr
    let log_level = base.log.clone().unwrap_or_else(|| "info".to_string());
    if !log_level.eq("disable") {
-        unsafe {
+        std::env::set_var("FOURTH_LOG", log_level.clone());
-            std::env::set_var("FOURTH_LOG", log_level.clone());
+        pretty_env_logger::init_custom_env("FOURTH_LOG");
            pretty_env_logger::init_custom_env("FOURTH_LOG");
        }
    }
    info!("Using config file: {}", &path);
    debug!("Set log level to {}", log_level);
    debug!("Config version {}", base.version);
@@ -177,50 +135,16 @@ pub fn load_config_from_yaml(yaml_str: &str) -> Result<ParsedConfigV1, ConfigErr
        parsed_upstream.insert(name.to_string(), Upstream::Proxy(ups));
    }
    // Convert ServerConfig to ParsedServerConfig, collecting all SNI validation errors
    let mut all_errors: Vec<String> = Vec::new();
    let mut parsed_servers: HashMap<String, ParsedServerConfig> = HashMap::new();
    for (name, server_config) in base.servers {
        match server_config.into_parsed() {
            Ok(parsed) => {
                parsed_servers.insert(name, parsed);
            }
            Err(errors) => {
                for err in errors {
                    all_errors.push(format!("Server '{}': {}", name, err));
                }
            }
        }
    }
    if !all_errors.is_empty() {
        return Err(ConfigError::Custom(format!(
            "Invalid SNI configuration:\n{}",
            all_errors.join("\n")
        )));
    }
    let parsed = ParsedConfigV1 {
        version: base.version,
        log: base.log,
-        servers: parsed_servers,
+        servers: base.servers,
        upstream: parsed_upstream,
    };
    verify_config(parsed)
 }
 fn load_config(path: &str) -> Result<ParsedConfigV1, ConfigError> {
    let mut contents = String::new();
    let mut file = File::open(path)?;
    file.read_to_string(&mut contents)?;
    info!("Using config file: {}", &path);
    load_config_from_yaml(&contents)
 }
 fn verify_config(config: ParsedConfigV1) -> Result<ParsedConfigV1, ConfigError> {
    let mut used_upstreams: HashSet<String> = HashSet::new();
    let mut upstream_names: HashSet<String> = HashSet::new();
@@ -251,20 +175,14 @@ fn verify_config(config: ParsedConfigV1) -> Result<ParsedConfigV1, ConfigError>
            listen_addresses.insert(listen.to_string());
        }
-        if server.tls.unwrap_or_default() {
+        if server.tls.unwrap_or_default() && server.sni.is_some() {
-            if let Some(matcher) = &server.sni {
+            for (_, val) in server.sni.unwrap() {
-                // Collect all upstream names from the SniMatcher
+                used_upstreams.insert(val.to_string());
                for (_, upstream) in matcher.exact.iter() {
                    used_upstreams.insert(upstream.clone());
                }
                for pattern in &matcher.wildcards {
                    used_upstreams.insert(pattern.upstream.clone());
                }
            }
        }
-        if let Some(default) = &server.default {
+        if server.default.is_some() {
-            used_upstreams.insert(default.clone());
+            used_upstreams.insert(server.default.unwrap().to_string());
        }
        for key in &used_upstreams {
@@ -307,45 +225,4 @@ mod tests {
        assert_eq!(config.base.servers.len(), 3);
        assert_eq!(config.base.upstream.len(), 3 + 2); // Add ban and echo upstreams
    }
    #[test]
    fn test_config_hard_failure_on_invalid_sni() {
        // Test that invalid SNI wildcard (*.com) causes hard failure
        let config_content = r#"version: 1
 log: disable
 servers:
  test_server:
    listen:
      - "127.0.0.1:8443"
    protocol: tcp
    tls: true
    sni:
      "*.com": "upstream1"
    default: ban
 upstream:
  upstream1: tcp://127.0.0.1:9000
 "#;
        let result = load_config_from_yaml(config_content);
        // Should fail with an error
        assert!(result.is_err(), "Expected config to fail with invalid SNI");
        // Verify error message contains helpful information
        match result {
            Err(ConfigError::Custom(msg)) => {
                assert!(
                    msg.contains("Invalid SNI"),
                    "Error message should mention invalid SNI: {}",
                    msg
                );
                assert!(
                    msg.contains("*.com"),
                    "Error message should mention the invalid pattern: {}",
                    msg
                );
            }
            _ => panic!("Expected ConfigError::Custom"),
        }
    }
 }
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@@ -1,4 +1,3 @@
 mod config_v1;
 pub(crate) use config_v1::ConfigV1;
 pub(crate) use config_v1::ParsedConfigV1;
 pub(crate) use config_v1::ParsedServerConfig;
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,14 +1,12 @@
 mod config;
 mod servers;
 mod sni_matcher;
 mod update;
 mod upstreams;
 use crate::config::ConfigV1;
 use crate::servers::Server;
 use std::io::{stderr, stdout, Write};
-use log::{debug, error};
+use log::{debug, error, info};
 use pico_args::Arguments;
 use std::path::PathBuf;
@@ -18,35 +16,17 @@ fn main() {
    match args.subcommand().expect("Unexpected error").as_deref() {
        Some("serve") => serve(),
        Some("update") => update::update(),
        Some("help") => {
            let _ = print_usage(&mut stdout().lock());
        }
        Some(cmd) => {
            eprintln!("Invalid command: {cmd}");
            std::process::exit(1);
        }
        None => {
            eprintln!("Calling l4p without argument is deprecated now. Please use: l4p serve");
            let _ = print_usage(&mut stderr().lock());
            serve();
        }
    }
 }
 fn print_usage(out: &mut dyn Write) -> std::io::Result<()> {
    writeln!(
        out,
        "{} v{}",
        env!("CARGO_PKG_NAME"),
        env!("CARGO_PKG_VERSION")
    )?;
    writeln!(out, "Usage:")?;
    writeln!(out, "\tupdate\tUpdate l4p to the latest version")?;
    writeln!(out, "\tserve\tServe the proxy")?;
    writeln!(out, "\thelp\tPrint this message")?;
    Ok(())
 }
 fn serve() {
    let config_path = match find_config() {
        Ok(p) => p,
--- a/src/servers/mod.rs
+++ b/src/servers/mod.rs
@@ -9,7 +9,6 @@ mod protocol;
 pub(crate) mod upstream_address;
 use crate::config::ParsedConfigV1;
 use crate::sni_matcher::SniMatcher;
 use crate::upstreams::Upstream;
 use protocol::tcp;
@@ -24,7 +23,7 @@ pub(crate) struct Proxy {
    pub listen: SocketAddr,
    pub protocol: String,
    pub tls: bool,
-    pub sni: Option<SniMatcher>,
+    pub sni: Option<HashMap<String, String>>,
    pub default_action: String,
    pub upstream: HashMap<String, Upstream>,
 }
@@ -135,132 +134,6 @@ mod tests {
        }
    }
    /// Mock server for wildcard SNI test that responds with "tls_wildcard_response" on first read
    #[tokio::main]
    async fn tls_mock_server_wildcard() {
        let server_addr: SocketAddr = "127.0.0.1:54598".parse().unwrap();
        let listener = TcpListener::bind(server_addr).await.unwrap();
        loop {
            let (mut stream, _) = listener.accept().await.unwrap();
            // Read client hello (which will be peeked but not actually read by proxy)
            let mut buf = [0u8; 1024];
            let _ = stream.read(&mut buf).await;
            // Send a response to verify connection succeeded
            let _ = stream.write(b"tls_wildcard_response").await;
            let _ = stream.shutdown().await;
        }
    }
    /// Mock server for SNI test that doesn't match wildcard pattern
    #[tokio::main]
    async fn tls_mock_server_default() {
        let server_addr: SocketAddr = "127.0.0.1:54597".parse().unwrap();
        let listener = TcpListener::bind(server_addr).await.unwrap();
        loop {
            let (mut stream, _) = listener.accept().await.unwrap();
            let mut buf = [0u8; 1024];
            let _ = stream.read(&mut buf).await;
            let _ = stream.write(b"tls_default_response").await;
            let _ = stream.shutdown().await;
        }
    }
    /// Helper function to build a minimal TLS ClientHello with SNI extension
    /// This creates a valid TLS 1.2 ClientHello packet with the specified SNI hostname
    fn build_tls_client_hello(sni_hostname: &str) -> Vec<u8> {
        // TLS record header (9 bytes)
        let mut hello = Vec::new();
        // Record type: Handshake (0x16)
        hello.push(0x16);
        // Version: TLS 1.2 (0x0303)
        hello.extend_from_slice(&[0x03, 0x03]);
        // We'll set the record length later
        let record_length_pos = hello.len();
        hello.extend_from_slice(&[0x00, 0x00]); // Placeholder for record length
        // Handshake message type: ClientHello (0x01)
        hello.push(0x01);
        // We'll set the handshake length later
        let handshake_length_pos = hello.len();
        hello.extend_from_slice(&[0x00, 0x00, 0x00]); // Placeholder for handshake length
        // ClientHello fields
        // Protocol version: TLS 1.2 (0x0303)
        hello.extend_from_slice(&[0x03, 0x03]);
        // Random: 32 bytes (we'll use a fixed pattern)
        hello.extend_from_slice(&[0x00; 32]);
        // Session ID length: 0 (no session)
        hello.push(0x00);
        // Cipher suites length: 2 bytes + cipher suites
        hello.extend_from_slice(&[0x00, 0x02]); // Length of cipher suites list (2 bytes)
        // Cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
        hello.extend_from_slice(&[0x00, 0x2F]);
        // Compression methods length: 1 byte
        hello.push(0x01);
        // Compression method: null (0x00)
        hello.push(0x00);
        // Extensions
        let extensions_start = hello.len();
        // SNI Extension (type 0x0000)
        let mut sni_extension = Vec::new();
        sni_extension.extend_from_slice(&[0x00, 0x00]); // Extension type: server_name
        // Extension length (will be set later)
        let ext_length_pos = sni_extension.len();
        sni_extension.extend_from_slice(&[0x00, 0x00]); // Placeholder
        // Server name list
        let server_name_list_start = sni_extension.len();
        sni_extension.extend_from_slice(&[0x00, 0x00]); // Placeholder for server name list length
        // Server name: host_name(0), length, hostname
        sni_extension.push(0x00); // Name type: host_name
        let hostname_bytes = sni_hostname.as_bytes();
        sni_extension.extend_from_slice(&[(hostname_bytes.len() >> 8) as u8, (hostname_bytes.len() & 0xFF) as u8]);
        sni_extension.extend_from_slice(hostname_bytes);
        // Set server name list length
        let server_name_list_len = sni_extension.len() - server_name_list_start - 2;
        let pos = server_name_list_start;
        sni_extension[pos] = (server_name_list_len >> 8) as u8;
        sni_extension[pos + 1] = (server_name_list_len & 0xFF) as u8;
        // Set extension length
        let ext_len = sni_extension.len() - ext_length_pos - 2;
        sni_extension[ext_length_pos] = (ext_len >> 8) as u8;
        sni_extension[ext_length_pos + 1] = (ext_len & 0xFF) as u8;
        // Add SNI extension to hello
        hello.extend_from_slice(&sni_extension);
        // Set extensions total length
        let extensions_length = hello.len() - extensions_start;
        hello.insert(extensions_start, (extensions_length & 0xFF) as u8);
        hello.insert(extensions_start, (extensions_length >> 8) as u8);
        // Set handshake message length
        let handshake_len = hello.len() - handshake_length_pos - 3;
        hello[handshake_length_pos] = (handshake_len >> 16) as u8;
        hello[handshake_length_pos + 1] = (handshake_len >> 8) as u8;
        hello[handshake_length_pos + 2] = (handshake_len & 0xFF) as u8;
        // Set record length
        let record_len = hello.len() - record_length_pos - 2;
        hello[record_length_pos] = (record_len >> 8) as u8;
        hello[record_length_pos + 1] = (record_len & 0xFF) as u8;
        hello
    }
    #[tokio::test]
    async fn test_proxy() {
        use crate::config::ConfigV1;
@@ -297,118 +170,4 @@ mod tests {
        }
        conn.shutdown().await.unwrap();
    }
    #[tokio::test]
    async fn test_wildcard_sni_routing() {
        // Create test configuration with wildcard SNI pattern
        use crate::upstreams::Upstream;
        use std::collections::HashMap;
        // Start mock servers for upstreams
        thread::spawn(move || {
            tls_mock_server_wildcard();
        });
        thread::spawn(move || {
            tls_mock_server_default();
        });
        sleep(Duration::from_millis(500)); // wait for mock servers to start
        // Create inline configuration
        let mut config = crate::config::ParsedConfigV1 {
            version: 1,
            log: Some("disable".to_string()),
            servers: HashMap::new(),
            upstream: HashMap::new(),
        };
        // Add upstreams
        config.upstream.insert(
            "wildcard_upstream".to_string(),
            Upstream::Proxy(crate::upstreams::ProxyToUpstream::new(
                "127.0.0.1:54598".to_string(),
                "tcp".to_string(),
            )),
        );
        config.upstream.insert(
            "default_upstream".to_string(),
            Upstream::Proxy(crate::upstreams::ProxyToUpstream::new(
                "127.0.0.1:54597".to_string(),
                "tcp".to_string(),
            )),
        );
        // Add TLS server with wildcard SNI pattern
        let mut sni_map = HashMap::new();
        sni_map.insert("*.api.example.com".to_string(), "wildcard_upstream".to_string());
        let server_config = crate::config::ParsedServerConfig {
            listen: vec!["127.0.0.1:54595".to_string()],
            protocol: Some("tcp".to_string()),
            tls: Some(true),
            sni: Some(crate::sni_matcher::SniMatcher::new(sni_map).unwrap()),
            default: Some("default_upstream".to_string()),
        };
        config.servers.insert("wildcard_test_server".to_string(), server_config);
        // Start proxy server
        let mut server = Server::new_from_v1_config(config);
        thread::spawn(move || {
            let _ = server.run();
        });
        sleep(Duration::from_secs(1)); // wait for proxy to start
        // Test 1: Send ClientHello with SNI matching wildcard pattern
        // Expected: Should route to wildcard_upstream (127.0.0.1:54598)
        let client_hello = build_tls_client_hello("app.api.example.com");
        let mut conn = tokio::net::TcpStream::connect("127.0.0.1:54595")
            .await
            .unwrap();
        let _ = conn.write(&client_hello).await.unwrap();
        let mut response = [0u8; 21];
        let n = conn.read(&mut response).await.unwrap();
        assert!(n > 0, "Should receive response from wildcard upstream");
        assert_eq!(
            &response[..n],
            b"tls_wildcard_response",
            "Should receive expected response from wildcard upstream"
        );
        conn.shutdown().await.unwrap();
        // Test 2: Send ClientHello with SNI not matching any pattern
        // Expected: Should route to default_upstream (127.0.0.1:54597)
        let client_hello_nomatch = build_tls_client_hello("unrelated.example.com");
        let mut conn = tokio::net::TcpStream::connect("127.0.0.1:54595")
            .await
            .unwrap();
        let _ = conn.write(&client_hello_nomatch).await.unwrap();
        let mut response = [0u8; 20];
        let n = conn.read(&mut response).await.unwrap();
        assert!(n > 0, "Should receive response from default upstream");
        assert_eq!(
            &response[..n],
            b"tls_default_response",
            "Should receive expected response from default upstream"
        );
        conn.shutdown().await.unwrap();
        // Test 3: Send ClientHello with another SNI matching wildcard pattern
        let client_hello_match2 = build_tls_client_hello("v2.api.example.com");
        let mut conn = tokio::net::TcpStream::connect("127.0.0.1:54595")
            .await
            .unwrap();
        let _ = conn.write(&client_hello_match2).await.unwrap();
        let mut response = [0u8; 21];
        let n = conn.read(&mut response).await.unwrap();
        assert!(n > 0, "Should receive response from wildcard upstream for second match");
        assert_eq!(
            &response[..n],
            b"tls_wildcard_response",
            "Should receive expected response from wildcard upstream for second match"
        );
        conn.shutdown().await.unwrap();
    }
 }
--- a/src/servers/protocol/tcp.rs
+++ b/src/servers/protocol/tcp.rs
@@ -1,4 +1,4 @@
-use crate::servers::protocol::tls::determine_upstream_name;
+use crate::servers::protocol::tls::get_sni;
 use crate::servers::Proxy;
 use log::{debug, error, info, warn};
 use std::error::Error;
@@ -35,7 +35,29 @@ async fn accept(inbound: TcpStream, proxy: Arc<Proxy>) -> Result<(), Box<dyn Err
    let upstream_name = match proxy.tls {
        false => proxy.default_action.clone(),
-        true => determine_upstream_name(&inbound, &proxy).await?,
+        true => {
            let mut hello_buf = [0u8; 1024];
            inbound.peek(&mut hello_buf).await?;
            let snis = get_sni(&hello_buf);
            if snis.is_empty() {
                proxy.default_action.clone()
            } else {
                match proxy.sni.clone() {
                    Some(sni_map) => {
                        let mut upstream = proxy.default_action.clone();
                        for sni in snis {
                            let m = sni_map.get(&sni);
                            if m.is_some() {
                                upstream = m.unwrap().clone();
                                break;
                            }
                        }
                        upstream
                    }
                    None => proxy.default_action.clone(),
                }
            }
        }
    };
    debug!("Upstream: {}", upstream_name);
--- a/src/servers/protocol/tls.rs
+++ b/src/servers/protocol/tls.rs
@@ -1,17 +1,10 @@
-use crate::servers::Proxy;
+use log::{debug, warn};
 use log::{debug, error, trace, warn};
 use std::error::Error;
 use std::io; // Import io for ErrorKind
 use std::sync::Arc;
 use std::time::Duration; // For potential delays
 use tls_parser::{
    parse_tls_extensions, parse_tls_raw_record, parse_tls_record_with_header, TlsMessage,
    TlsMessageHandshake,
 };
 use tokio::net::TcpStream;
 use tokio::time::timeout; // Use timeout for peek operations
-fn get_sni(buf: &[u8]) -> Vec<String> {
+pub fn get_sni(buf: &[u8]) -> Vec<String> {
    let mut snis: Vec<String> = Vec::new();
    match parse_tls_raw_record(buf) {
        Ok((_, ref r)) => match parse_tls_record_with_header(r.data, &r.hdr) {
@@ -60,247 +53,10 @@ fn get_sni(buf: &[u8]) -> Vec<String> {
    snis
 }
 // Timeout duration for waiting for TLS Hello data
 const TLS_PEEK_TIMEOUT: Duration = Duration::from_secs(5); // Adjust as needed
 pub(crate) async fn determine_upstream_name(
    inbound: &TcpStream,
    proxy: &Arc<Proxy>,
 ) -> Result<String, Box<dyn Error>> {
    let default_upstream = proxy.default_action.clone();
    let mut header = [0u8; 9];
    // --- Step 1: Peek the initial header (9 bytes) with timeout ---
    match timeout(TLS_PEEK_TIMEOUT, async {
        loop {
            match inbound.peek(&mut header).await {
                Ok(n) if n >= header.len() => return Ok::<usize, io::Error>(n), // Got enough bytes
                Ok(0) => {
                    // Connection closed cleanly before sending enough data
                    trace!("Connection closed while peeking for TLS header");
                    return Err(io::Error::new(
                        io::ErrorKind::UnexpectedEof,
                        "Connection closed while peeking for TLS header",
                    )
                    .into()); // Convert to Box<dyn Error>
                }
                Ok(_) => {
                    // Not enough bytes yet, yield and loop again
                    tokio::task::yield_now().await;
                }
                Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => {
                    // Should not happen with await, but yield defensively
                    tokio::task::yield_now().await;
                }
                Err(e) => {
                    // Other I/O error
                    warn!("Error peeking for TLS header: {}", e);
                    return Err(e.into()); // Convert to Box<dyn Error>
                }
            }
        }
    })
    .await
    {
        Ok(Ok(_)) => { /* Header peeked successfully */ }
        Ok(Err(e)) => {
            // Inner loop returned an error (e.g., EOF, IO error)
            trace!("Failed to peek header (inner error): {}", e);
            return Ok(default_upstream); // Fallback on error/EOF
        }
        Err(_) => {
            // Timeout occurred
            error!("Timeout waiting for TLS header");
            return Ok(default_upstream); // Fallback on timeout
        }
    }
    // --- Step 2: Calculate required size ---
    let required_bytes = match client_hello_buffer_size(&header) {
        Ok(size) => size,
        Err(e) => {
            // Header was invalid or not a ClientHello
            trace!("Could not determine required buffer size: {}", e);
            return Ok(default_upstream);
        }
    };
    // Basic sanity check on size
    if required_bytes > 16384 + 9 {
        // TLS max record size + header approx
        error!(
            "Calculated required TLS buffer size is too large: {}",
            required_bytes
        );
        return Ok(default_upstream);
    }
    // --- Step 3: Peek the full ClientHello with timeout ---
    let mut hello_buf = vec![0; required_bytes];
    match timeout(TLS_PEEK_TIMEOUT, async {
        let mut total_peeked = 0;
        loop {
            // Peek into the portion of the buffer that hasn't been filled yet.
            match inbound.peek(&mut hello_buf[total_peeked..]).await {
                Ok(0) => {
                    // Connection closed cleanly before sending full ClientHello
                    trace!(
                        "Connection closed while peeking for full ClientHello (peeked {}/{} bytes)",
                        total_peeked,
                        required_bytes
                    );
                    return Err::<usize, io::Error>(
                        io::Error::new(
                            io::ErrorKind::UnexpectedEof,
                            "Connection closed while peeking for full ClientHello",
                        )
                        .into(),
                    );
                }
                Ok(n) => {
                    total_peeked += n;
                    if total_peeked >= required_bytes {
                        trace!("Successfully peeked {} bytes for ClientHello", total_peeked);
                        return Ok(total_peeked); // Got enough
                    } else {
                        // Not enough bytes yet, yield and loop again
                        trace!(
                            "Peeked {}/{} bytes for ClientHello, waiting for more...",
                            total_peeked,
                            required_bytes
                        );
                        tokio::task::yield_now().await;
                    }
                }
                Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => {
                    tokio::task::yield_now().await;
                }
                Err(e) => {
                    warn!("Error peeking for full ClientHello: {}", e);
                    return Err(e.into());
                }
            }
        }
    })
    .await
    {
        Ok(Ok(_)) => { /* Full hello peeked successfully */ }
        Ok(Err(e)) => {
            error!("Could not peek full ClientHello (inner error): {}", e);
            return Ok(default_upstream); // Fallback on error/EOF
        }
        Err(_) => {
            error!(
                "Timeout waiting for full ClientHello (needed {} bytes)",
                required_bytes
            );
            return Ok(default_upstream); // Fallback on timeout
        }
    }
    // --- Step 4: Parse SNI ---
    let snis = get_sni(&hello_buf);
    // --- Step 5: Determine upstream based on SNI ---
    if snis.is_empty() {
        debug!("No SNI found in ClientHello, using default upstream.");
        return Ok(default_upstream);
    }
    if let Some(matcher) = &proxy.sni {
        for sni in snis {
            if let Some(upstream) = matcher.match_sni(&sni) {
                debug!(
                    "Found matching SNI '{}', routing to upstream: {}",
                    sni, upstream
                );
                return Ok(upstream);
            } else {
                trace!("SNI '{}' not found in matcher.", sni);
            }
        }
        debug!("SNI(s) found but none matched configuration, using default upstream.");
    } else {
        debug!("SNI found but no SNI matcher configured, using default upstream.");
    }
    Ok(default_upstream)
 }
 fn client_hello_buffer_size(data: &[u8]) -> Result<usize, String> {
    // TLS record header
    // -----------------
    // byte   0: rec type (should be 0x16 == Handshake)
    // byte 1-2: version (should be 0x3000 < v < 0x3003)
    // byte 3-4: rec len
    if data.len() < 9 {
        trace!("Not enough bytes to even check the TLS header.");
        return Err("Not enough bytes to even check the TLS header.".into());
    }
    if data[0] != 0x16 {
        trace!("Not a TLS handshake.");
        return Err("Not a TLS handshake.".into());
    }
    // Check the record length
    let record_length = ((data[3] as u16) << 8) | (data[4] as u16);
    if record_length == 0 || record_length > 16384 {
        trace!("Client send invalid header: way too long record header.");
        return Err("Client send invalid header: way too long record header.".into());
    }
    // Handshake record header
    // -----------------------
    // byte   5: hs msg type (should be 0x01 == client_hello)
    // byte 6-8: hs msg len
    if data[5] != 0x01 {
        trace!("Not a ClientHello message");
        return Err("Not a ClientHello message".into());
    }
    // Check the handshake message length
    let handshake_length =
        ((data[6] as usize) << 16) | ((data[7] as usize) << 8) | (data[8] as usize);
    if handshake_length <= 0 || handshake_length > (record_length - 4).into() {
        warn!("Invalid client hello length (fragmentation not implemented)");
        return Err("Invalid client hello length (fragmentation not implemented)".into());
    }
    // Calculate the handshake length and return it
    Ok(handshake_length + 9)
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_too_little_data_end() {
        let length = client_hello_buffer_size(&TOO_LITTLE_DATA_END);
        if length.is_ok() {
            assert!(false);
        }
        let msg = length.unwrap_err();
        dbg!(msg);
        assert!(true);
    }
    #[test]
    fn test_too_little_data_start() {
        let length = client_hello_buffer_size(&TOO_LITTLE_DATA_START);
        assert!(length.is_ok());
        assert_eq!(1712, length.unwrap())
    }
    #[test]
    fn test_sni_extract() {
        const BUF: [u8; 517] = [
@@ -343,454 +99,6 @@ mod tests {
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        ];
        let sni = get_sni(&BUF);
-        assert_eq!(sni[0], *"www.lirui.tech");
+        assert!(sni[0] == *"www.lirui.tech");
    }
    #[test]
    fn test_sni_extract_tiny() {
        const BUF: [u8; 1712] = [
            0x16, 0x03, 0x01, 0x06, 0xab, 0x01, 0x00, 0x06, // |........|
            0xa7, 0x03, 0x03, 0x84, 0x53, 0xb2, 0xd7, 0x37, // |....S..7|
            0xcd, 0x27, 0xda, 0xf4, 0x70, 0xd8, 0x78, 0x26, // |.'..p.x&|
            0x34, 0x7f, 0xe3, 0xa7, 0x5d, 0xfe, 0x97, 0x29, // |4...]..)|
            0x89, 0x29, 0xa2, 0xd8, 0x62, 0x05, 0x7b, 0x13, // |.)..b.{.|
            0xcf, 0x4b, 0x13, 0x20, 0x5b, 0x74, 0x4e, 0x23, // |.K. [tN#|
            0x90, 0x08, 0x5a, 0x43, 0xbf, 0xe0, 0x0d, 0xeb, // |..ZC....|
            0x8a, 0xc8, 0x4d, 0x14, 0x1e, 0x35, 0x43, 0x04, // |..M..5C.|
            0x36, 0x32, 0xdc, 0x71, 0xff, 0xcc, 0xb3, 0x5b, // |62.q...[|
            0x63, 0x4b, 0x2b, 0xee, 0x00, 0x20, 0xba, 0xba, // |cK+.. ..|
            0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, // |.......+|
            0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, // |./.,.0..|
            0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, // |........|
            0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, // |.../.5..|
            0x06, 0x3e, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x0a, // |.>zz....|
            0x00, 0x0c, 0x00, 0x0a, 0xda, 0xda, 0x11, 0xec, // |........|
            0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0xff, 0x01, // |........|
            0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, // |........|
            0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, // |........|
            0x68, 0x61, 0x2e, 0x68, 0x6f, 0x6d, 0x65, 0x2e, // |ha.home.|
            0x6b, 0x69, 0x65, 0x2e, 0x72, 0x73, 0xfe, 0x0d, // |kie.rs..|
            0x00, 0xba, 0x00, 0x00, 0x01, 0x00, 0x01, 0x11, // |........|
            0x00, 0x20, 0xf7, 0xf4, 0x20, 0xc8, 0xb7, 0xeb, // |. .. ...|
            0xf1, 0x2d, 0x8b, 0x30, 0x2c, 0xc8, 0x5e, 0xd3, // |.-.0,.^.|
            0xa3, 0x02, 0x38, 0xf2, 0x41, 0xf7, 0x3f, 0x2d, // |..8.A.?-|
            0xb4, 0xf0, 0xd7, 0x3b, 0xe5, 0x19, 0x3f, 0xc3, // |...;..?.|
            0xae, 0x1f, 0x00, 0x90, 0x27, 0x8d, 0x4c, 0xc9, // |....'.L.|
            0xb3, 0xd1, 0x63, 0x20, 0xe4, 0x33, 0x18, 0x56, // |..c .3.V|
            0xd5, 0x9b, 0xd5, 0xf9, 0xf2, 0x94, 0x1d, 0xe4, // |........|
            0xa6, 0x88, 0x47, 0xd2, 0x85, 0x4f, 0xf4, 0x30, // |..G..O.0|
            0x22, 0xff, 0x67, 0x80, 0x60, 0x33, 0x17, 0xa0, // |".g.`3..|
            0x4f, 0xdb, 0x98, 0x53, 0x00, 0xa4, 0xc8, 0x89, // |O..S....|
            0xb8, 0x1b, 0x3f, 0xbd, 0xdf, 0xeb, 0x48, 0x1a, // |..?...H.|
            0xa1, 0x33, 0xd7, 0xc1, 0x8d, 0x76, 0xf2, 0xcf, // |.3...v..|
            0xbe, 0x30, 0x1d, 0xcd, 0x3a, 0xfe, 0xf1, 0xb0, // |.0..:...|
            0x86, 0xbc, 0x28, 0x74, 0x78, 0xa1, 0x9a, 0x60, // |..(tx..`|
            0x14, 0xfe, 0x12, 0x92, 0x4d, 0xb5, 0x9e, 0x85, // |....M...|
            0x79, 0x62, 0x9c, 0x68, 0x73, 0xc6, 0x0e, 0xe5, // |yb.hs...|
            0xad, 0x5b, 0xe2, 0x69, 0x00, 0xc0, 0x26, 0x24, // |.[.i..&$|
            0x88, 0xfa, 0x22, 0x29, 0x36, 0x7b, 0x16, 0x59, // |..")6{.Y|
            0x48, 0xbe, 0xf9, 0x1c, 0x86, 0x55, 0xcb, 0x67, // |H....U.g|
            0xae, 0xb6, 0x7b, 0x69, 0x3e, 0xd0, 0x48, 0x31, // |..{i>.H1|
            0x58, 0x8a, 0xd8, 0xba, 0x06, 0x21, 0xf0, 0xd4, // |X....!..|
            0x4e, 0xef, 0xcf, 0x67, 0xc5, 0x63, 0x97, 0x59, // |N..g.c.Y|
            0x95, 0x12, 0x47, 0x90, 0x00, 0x2d, 0x00, 0x02, // |..G..-..|
            0x01, 0x01, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, // |........|
            0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, // |.http/1.|
            0x31, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, // |1.......|
            0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, // |........|
            0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, // |........|
            0x2b, 0x00, 0x07, 0x06, 0x0a, 0x0a, 0x03, 0x04, // |+.......|
            0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 0x12, // |...#....|
            0x00, 0x00, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, // |........|
            0x02, 0x00, 0x33, 0x04, 0xef, 0x04, 0xed, 0xda, // |..3.....|
            0xda, 0x00, 0x01, 0x00, 0x11, 0xec, 0x04, 0xc0, // |........|
            0xc6, 0x12, 0x85, 0x0b, 0xba, 0x73, 0x9d, 0x00, // |.....s..|
            0x29, 0x08, 0x40, 0x3a, 0xb8, 0xfc, 0x9e, 0x99, // |).@:....|
            0x25, 0xbd, 0x60, 0xb6, 0x8a, 0x56, 0x51, 0xac, // |%.`..VQ.|
            0x38, 0xa3, 0x15, 0x37, 0x21, 0x80, 0x86, 0x02, // |8..7!...|
            0xb2, 0x10, 0x4b, 0x29, 0xeb, 0x37, 0x04, 0x47, // |..K).7.G|
            0x16, 0x12, 0x0e, 0x63, 0x2d, 0x32, 0xf6, 0x2a, // |...c-2.*|
            0x86, 0x09, 0x7b, 0x41, 0x28, 0x8c, 0xcf, 0xfa, // |..{A(...|
            0x08, 0x2e, 0x0c, 0xb2, 0x55, 0xb4, 0xb4, 0xd2, // |....U...|
            0x76, 0x38, 0x47, 0x44, 0x78, 0xf0, 0x01, 0xb6, // |v8GDx...|
            0xee, 0xf0, 0x1f, 0x4b, 0xc5, 0x6b, 0xb3, 0x93, // |...K.k..|
            0x4d, 0xa5, 0x25, 0x29, 0xda, 0x33, 0x1e, 0xc5, // |M.%).3..|
            0x15, 0x98, 0xf5, 0x41, 0x3e, 0xd2, 0xf7, 0x82, // |...A>...|
            0xd7, 0xbb, 0x56, 0xf0, 0x86, 0x29, 0xa3, 0x56, // |..V..).V|
            0x25, 0xdc, 0xaa, 0x03, 0xaa, 0x28, 0xa7, 0x2b, // |%....(.+|
            0xc0, 0x41, 0xca, 0x66, 0x3e, 0xcc, 0x21, 0x40, // |.A.f>.!@|
            0x60, 0x34, 0x5f, 0x9f, 0x69, 0x37, 0xac, 0x30, // |`4_.i7.0|
            0x06, 0x7a, 0xf9, 0x26, 0xfe, 0x3c, 0x13, 0x05, // |.z.&.<..|
            0xf6, 0xbe, 0x5f, 0x0c, 0x9a, 0x43, 0x18, 0xa2, // |.._..C..|
            0xd9, 0xc5, 0xa0, 0x06, 0x0b, 0x0a, 0x21, 0xf1, // |......!.|
            0x6b, 0x12, 0x4a, 0x5d, 0xec, 0xf6, 0x01, 0x30, // |k.J]...0|
            0xb6, 0x3b, 0x34, 0x62, 0xcd, 0x5a, 0x6a, 0x26, // |.;4b.Zj&|
            0x08, 0x98, 0xc9, 0xd0, 0x8a, 0x49, 0x94, 0x07, // |.....I..|
            0x48, 0x45, 0x78, 0x45, 0xae, 0x24, 0x2b, 0x83, // |HExE.$+.|
            0xb6, 0x69, 0x6c, 0x20, 0x33, 0xa9, 0xc4, 0x8e, // |.il 3...|
            0xe7, 0x1a, 0x90, 0x28, 0xc6, 0x3f, 0x16, 0xf2, // |...(.?..|
            0xae, 0x3e, 0x22, 0x17, 0x26, 0x9c, 0x38, 0xf5, // |.>".&.8.|
            0x88, 0x60, 0x79, 0x16, 0x28, 0xce, 0x05, 0x72, // |.`y.(..r|
            0x2f, 0x64, 0x99, 0xdd, 0x8c, 0x5b, 0xa6, 0xe2, // |/d...[..|
            0x65, 0x8a, 0xe2, 0x8d, 0xb6, 0x24, 0x9e, 0x6d, // |e....$.m|
            0x5a, 0x70, 0xfd, 0xea, 0xca, 0xec, 0x77, 0x46, // |Zp....wF|
            0x20, 0xa8, 0x1f, 0x78, 0xf6, 0x34, 0x52, 0x13, // | ..x.4R.|
            0x97, 0xef, 0x60, 0xb9, 0xe5, 0xc6, 0x85, 0xf2, // |..`.....|
            0x84, 0x64, 0xdc, 0x08, 0x07, 0xe2, 0x63, 0xa6, // |.d....c.|
            0x23, 0x64, 0x54, 0xb8, 0x72, 0xac, 0x23, 0xda, // |#dT.r.#.|
            0x8f, 0x73, 0xe4, 0x9b, 0x80, 0x77, 0x66, 0x3f, // |.s...wf?|
            0x69, 0x34, 0xc4, 0xfb, 0x45, 0x3d, 0x1c, 0xa7, // |i4..E=..|
            0x86, 0x98, 0x2e, 0xb4, 0xe0, 0x84, 0xb6, 0x47, // |.......G|
            0x78, 0xeb, 0x2b, 0x10, 0x17, 0x45, 0x8a, 0xcf, // |x.+..E..|
            0xea, 0xb5, 0x58, 0x42, 0x93, 0xbe, 0x4b, 0xad, // |..XB..K.|
            0xfb, 0x28, 0x11, 0x12, 0xe0, 0x7c, 0x3d, 0x34, // |.(...|=4|
            0x8c, 0x82, 0x07, 0x84, 0xda, 0x8b, 0x35, 0x86, // |......5.|
            0x37, 0x35, 0x1d, 0x1a, 0xa2, 0xbf, 0x0a, 0xb4, // |75......|
            0x8e, 0xf0, 0x91, 0xc4, 0xa8, 0x3f, 0x38, 0x03, // |.....?8.|
            0x37, 0xc1, 0x9a, 0x94, 0x43, 0x09, 0x57, 0xee, // |7...C.W.|
            0xaa, 0xcb, 0x3d, 0x13, 0xa2, 0x33, 0xd1, 0x04, // |..=..3..|
            0x2c, 0x6c, 0xb4, 0x1c, 0x86, 0x07, 0x0c, 0x3c, // |,l.....<|
            0x5c, 0xc9, 0x8c, 0xc8, 0x1a, 0x85, 0xa6, 0xdd, // |\.......|
            0xd3, 0xc5, 0xae, 0x84, 0x4d, 0xfe, 0xa2, 0x99, // |....M...|
            0xd3, 0x0b, 0x1f, 0x43, 0x01, 0xa6, 0x7b, 0xb2, // |...C..{.|
            0x5b, 0xd5, 0xa0, 0x3e, 0xd4, 0x6c, 0x65, 0x75, // |[..>.leu|
            0x55, 0x28, 0x4d, 0x1c, 0x28, 0x86, 0xda, 0x94, // |U(M.(...|
            0xbe, 0x0a, 0x99, 0x61, 0xa4, 0x88, 0xd9, 0x6a, // |...a...j|
            0x20, 0x1d, 0x78, 0x45, 0x5f, 0x66, 0xcc, 0x8c, // | .xE_f..|
            0xe1, 0xba, 0x4c, 0x51, 0x99, 0x54, 0x27, 0x77, // |..LQ.T'w|
            0xb4, 0x84, 0x61, 0x4e, 0xf9, 0x90, 0x6f, 0x19, // |..aN..o.|
            0x44, 0x93, 0x27, 0x1d, 0x95, 0x82, 0x74, 0x7f, // |D.'...t.|
            0x35, 0xaf, 0x04, 0xe4, 0x58, 0x41, 0x3a, 0x51, // |5...XA:Q|
            0x0b, 0x22, 0x45, 0xaf, 0x44, 0x2a, 0xe9, 0xa3, // |."E.D*..|
            0x71, 0x65, 0x15, 0x22, 0xea, 0x40, 0x10, 0xaf, // |qe.".@..|
            0x5b, 0x27, 0xfc, 0x02, 0x00, 0x23, 0xa3, 0x70, // |['...#.p|
            0xa9, 0x6c, 0xa7, 0xf7, 0x29, 0x5c, 0x75, 0x9b, // |.l..)\u.|
            0x4c, 0x23, 0x14, 0x51, 0x12, 0x62, 0x71, 0xbb, // |L#.Q.bq.|
            0x75, 0x64, 0x65, 0xb3, 0xaa, 0x1e, 0x10, 0x14, // |ude.....|
            0xbf, 0xd0, 0x8b, 0xe0, 0xe4, 0x51, 0x6e, 0xa8, // |.....Qn.|
            0x1a, 0x95, 0x21, 0xa9, 0x9f, 0xf7, 0x2a, 0xac, // |..!...*.|
            0x5c, 0x1c, 0x12, 0xac, 0x9d, 0xac, 0x57, 0x14, // |\.....W.|
            0x27, 0xaa, 0xa7, 0xee, 0xc3, 0x9d, 0x63, 0x48, // |'.....cH|
            0x0e, 0xd7, 0xf8, 0x92, 0x9f, 0x28, 0xb9, 0x82, // |.....(..|
            0x71, 0x99, 0xa1, 0xcb, 0x69, 0x0c, 0x29, 0x7d, // |q...i.)}|
            0x67, 0x73, 0xae, 0x9d, 0xd7, 0xc7, 0x51, 0x7a, // |gs....Qz|
            0x2c, 0x3a, 0x74, 0x89, 0x7d, 0x76, 0x35, 0xb5, // |,:t.}v5.|
            0x97, 0x73, 0x4a, 0xfc, 0x29, 0x9a, 0x1a, 0x06, // |.sJ.)...|
            0x2f, 0xd0, 0x89, 0x32, 0xfc, 0x3b, 0x17, 0xec, // |/..2.;..|
            0x7a, 0xb5, 0x3c, 0x66, 0x0f, 0x43, 0x55, 0x41, // |z.<f.CUA|
            0x49, 0x3f, 0xbf, 0xa1, 0x6f, 0x8a, 0x05, 0x76, // |I?..o..v|
            0xd4, 0x02, 0x33, 0x52, 0x78, 0xc8, 0x08, 0xe9, // |..3Rx...|
            0x49, 0xb8, 0x42, 0x05, 0xed, 0x34, 0x0a, 0xb1, // |I.B..4..|
            0xa8, 0x32, 0x00, 0x6b, 0x00, 0x42, 0x56, 0x8a, // |.2.k.BV.|
            0xe9, 0x04, 0x7a, 0xac, 0xc8, 0x72, 0x7f, 0x40, // |..z..r.@|
            0x4c, 0xd6, 0xa9, 0x34, 0x0b, 0xc3, 0x63, 0x39, // |L..4..c9|
            0x21, 0xbf, 0x04, 0xb0, 0x2b, 0x81, 0xf9, 0x07, // |!...+...|
            0xe6, 0x15, 0x92, 0x89, 0x9b, 0x1e, 0xe6, 0x4b, // |.......K|
            0x5b, 0x0b, 0x33, 0x5f, 0x89, 0x96, 0xa2, 0x74, // |[.3_...t|
            0x41, 0x6b, 0x15, 0xe8, 0x8a, 0x62, 0xf5, 0x1c, // |Ak...b..|
            0x37, 0x38, 0x62, 0x77, 0xd4, 0x57, 0x7b, 0x43, // |78bw.W{C|
            0x42, 0x4f, 0x01, 0x9c, 0xf2, 0xe0, 0x68, 0xb7, // |BO....h.|
            0xf1, 0x66, 0x93, 0xd8, 0x8e, 0x78, 0x80, 0x24, // |.f...x.$|
            0x4c, 0x61, 0x11, 0xbb, 0xf2, 0x79, 0xf7, 0x96, // |La...y..|
            0x02, 0x80, 0xaa, 0xc7, 0xcd, 0xbb, 0x55, 0x03, // |......U.|
            0x22, 0x5e, 0xda, 0xa2, 0x44, 0x7d, 0x82, 0x41, // |"^..D}.A|
            0x86, 0x9b, 0x92, 0x0a, 0xd5, 0x7e, 0xf2, 0x78, // |.....~.x|
            0x84, 0x50, 0x00, 0x2d, 0x0b, 0xab, 0x92, 0x7a, // |.P.-...z|
            0x96, 0x15, 0xcf, 0x5a, 0x34, 0x45, 0x35, 0xa7, // |...Z4E5.|
            0x18, 0x61, 0x2b, 0x88, 0x45, 0xaa, 0xd3, 0xe2, // |.a+.E...|
            0x54, 0xf9, 0xc7, 0xbb, 0xe7, 0x00, 0x86, 0xbd, // |T.......|
            0x8b, 0xbb, 0x6d, 0x3b, 0x0f, 0x8d, 0xfb, 0x4d, // |..m;...M|
            0x5d, 0x8b, 0x50, 0x2e, 0x68, 0x74, 0x5d, 0x03, // |].P.ht].|
            0x16, 0x2a, 0x49, 0x24, 0x54, 0x5b, 0xa9, 0x34, // |.*I$T[.4|
            0x25, 0x17, 0x79, 0xe3, 0xc3, 0x3a, 0x2a, 0x12, // |%.y..:*.|
            0x75, 0x64, 0x16, 0xa4, 0xb7, 0x7e, 0x39, 0x5a, // |ud...~9Z|
            0x4e, 0x3e, 0x53, 0x2b, 0x49, 0x1b, 0x26, 0xdf, // |N>S+I.&.|
            0xfc, 0x29, 0x99, 0xcb, 0xad, 0x29, 0x2c, 0x72, // |.)...),r|
            0x3f, 0xa7, 0xcb, 0x45, 0x4c, 0x14, 0xee, 0x46, // |?..EL..F|
            0x74, 0x64, 0xdb, 0x4b, 0x4b, 0xa4, 0x35, 0x3c, // |td.KK.5<|
            0x91, 0xc4, 0x9b, 0xb0, 0x66, 0xc6, 0x70, 0xb6, // |....f.p.|
            0xf2, 0x07, 0x3b, 0xbf, 0x74, 0x72, 0xb4, 0x24, // |..;.tr.$|
            0x7e, 0x87, 0xd4, 0x0a, 0x37, 0xd9, 0x49, 0x04, // |~...7.I.|
            0x09, 0x36, 0xd1, 0x63, 0x88, 0xe1, 0xe8, 0x08, // |.6.c....|
            0xbf, 0x17, 0xc4, 0xcd, 0xcb, 0x3c, 0xef, 0x88, // |.....<..|
            0x2c, 0xf6, 0xa3, 0x6d, 0x89, 0x39, 0xc9, 0xfe, // |,..m.9..|
            0x97, 0x25, 0xb3, 0x9a, 0x02, 0x40, 0xd4, 0x90, // |.%...@..|
            0x28, 0x6a, 0x79, 0xbd, 0x4b, 0x8e, 0x10, 0x18, // |(jy.K...|
            0xc9, 0xaf, 0xe9, 0xc0, 0x6e, 0xd5, 0xb1, 0xcf, // |....n...|
            0xe8, 0xa4, 0xdc, 0x94, 0x12, 0x82, 0xfb, 0x08, // |........|
            0x42, 0xd4, 0x1a, 0x76, 0xa2, 0x4b, 0x3f, 0xc3, // |B..v.K?.|
            0xb4, 0x0b, 0xa3, 0x0c, 0xec, 0x19, 0x7c, 0x5f, // |......|_|
            0xd5, 0x98, 0x99, 0xf4, 0x1a, 0xca, 0x83, 0xaa, // |........|
            0xbd, 0x26, 0x31, 0x95, 0x77, 0x90, 0x43, 0x7a, // |.&1.w.Cz|
            0x75, 0x15, 0xcb, 0x68, 0xae, 0x24, 0xc5, 0x1b, // |u..h.$..|
            // Cutoff here.
            0x8c, 0x49, 0xbe, 0xfc, 0x61, 0x54, 0xd7, 0x18, // |.I..aT..|
            0x9d, 0x21, 0x10, 0x14, 0xe2, 0x6d, 0x5b, 0x4b, // |.!...m[K|
            0xb0, 0x94, 0xaa, 0x6e, 0xd5, 0x7b, 0xba, 0x6e, // |...n.{.n|
            0xe0, 0x03, 0xac, 0x9a, 0xbb, 0xe1, 0x17, 0x9b, // |........|
            0x18, 0x0c, 0x33, 0xcc, 0x05, 0x91, 0x1c, 0x43, // |..3....C|
            0x37, 0xd2, 0x10, 0xb7, 0xc6, 0xc7, 0x6b, 0xda, // |7.....k.|
            0x87, 0x9c, 0xaf, 0x93, 0x52, 0x2f, 0x4c, 0x6e, // |....R/Ln|
            0x14, 0xdb, 0x49, 0xbc, 0xeb, 0x96, 0xda, 0xb6, // |..I.....|
            0x3b, 0xf8, 0xc0, 0x33, 0xba, 0x15, 0x37, 0x39, // |;..3..79|
            0xe7, 0xae, 0xb6, 0x48, 0x3e, 0xd8, 0x57, 0x67, // |...H>.Wg|
            0x9c, 0xb6, 0x9c, 0xc0, 0x18, 0x0e, 0x74, 0x67, // |......tg|
            0xae, 0x8e, 0xc6, 0x80, 0x7f, 0x81, 0x25, 0xc4, // |......%.|
            0xe9, 0x04, 0xe8, 0xd9, 0x98, 0xb6, 0x99, 0x93, // |........|
            0xa1, 0xa4, 0x5e, 0x57, 0x74, 0x89, 0x30, 0x38, // |..^Wt.08|
            0xa9, 0xbb, 0x99, 0x4a, 0x7e, 0x42, 0x3c, 0xd2, // |...J~B<.|
            0x59, 0xb6, 0x49, 0xb0, 0xc7, 0x11, 0x57, 0x03, // |Y.I...W.|
            0x6d, 0x23, 0x1b, 0x72, 0xe7, 0x24, 0xdb, 0x75, // |m#.r.$.u|
            0x78, 0xd1, 0x38, 0x01, 0x46, 0xb6, 0x8c, 0x1b, // |x.8.F...|
            0x41, 0xb4, 0xbd, 0xc1, 0xa2, 0x00, 0x63, 0xa5, // |A.....c.|
            0x97, 0x30, 0x5d, 0xbe, 0xd1, 0x37, 0x31, 0xf1, // |.0]..71.|
            0xbb, 0xc6, 0xf8, 0x81, 0x35, 0x86, 0x32, 0xa6, // |....5.2.|
            0xc3, 0x35, 0x54, 0x45, 0x50, 0xdf, 0x61, 0x46, // |.5TEP.aF|
            0x5b, 0x83, 0x6b, 0xac, 0x5c, 0x2d, 0xa2, 0xc3, // |[.k.\-..|
            0x2e, 0x71, 0x32, 0x18, 0x41, 0x29, 0x99, 0x66, // |.q2.A).f|
            0x8c, 0x50, 0x28, 0x92, 0x45, 0xae, 0x96, 0x38, // |.P(.E..8|
            0xa4, 0x83, 0x94, 0x4a, 0x2f, 0x0e, 0x62, 0x13, // |...J/.b.|
            0x07, 0x13, 0xc2, 0x0b, 0x84, 0xfd, 0x27, 0xab, // |......'.|
            0x6c, 0xb4, 0x69, 0x0d, 0xd2, 0xdb, 0xfb, 0x8e, // |l.i.....|
            0xa7, 0x09, 0x65, 0x76, 0x7e, 0x09, 0xa4, 0x7a, // |..ev~..z|
            0xe9, 0xfe, 0xec, 0x52, 0x89, 0x7d, 0x07, 0x6f, // |...R.}.o|
            0xff, 0xa0, 0xde, 0x8a, 0x42, 0x2d, 0xc3, 0x75, // |....B-.u|
            0x05, 0x6d, 0x60, 0x76, 0xce, 0xe1, 0x6c, 0xfd, // |.m`v..l.|
            0xae, 0x1f, 0x5e, 0x02, 0x94, 0x39, 0x2a, 0x55, // |..^..9*U|
            0x00, 0x1d, 0x00, 0x20, 0x8d, 0x89, 0x9a, 0x19, // |... ....|
            0x1d, 0x53, 0x52, 0xd5, 0xc1, 0x3e, 0x3a, 0x1d, // |.SR..>:.|
            0x12, 0x15, 0xae, 0x33, 0x2e, 0x54, 0xd1, 0x6f, // |...3.T.o|
            0xd6, 0xb1, 0x73, 0xd9, 0x56, 0x98, 0x6f, 0x8f, // |..s.V.o.|
            0x7e, 0xf5, 0xd9, 0x75, 0x00, 0x0b, 0x00, 0x02, // |~..u....|
            0x01, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, // |........|
            0x00, 0x00, 0x00, 0x9a, 0x9a, 0x00, 0x01, 0x00, // |........|
        ];
        let sni = get_sni(&BUF);
        assert_eq!(sni[0], *"ha.home.kie.rs");
    }
    #[test]
    fn test_too_little_data() {
        let sni = get_sni(&TOO_LITTLE_DATA_END);
        assert_eq!(0, sni.len());
    }
    const TOO_LITTLE_DATA_START: [u8; 1392] = [
        0x16, 0x03, 0x01, 0x06, 0xab, 0x01, 0x00, 0x06, // |........|
        0xa7, 0x03, 0x03, 0x84, 0x53, 0xb2, 0xd7, 0x37, // |....S..7|
        0xcd, 0x27, 0xda, 0xf4, 0x70, 0xd8, 0x78, 0x26, // |.'..p.x&|
        0x34, 0x7f, 0xe3, 0xa7, 0x5d, 0xfe, 0x97, 0x29, // |4...]..)|
        0x89, 0x29, 0xa2, 0xd8, 0x62, 0x05, 0x7b, 0x13, // |.)..b.{.|
        0xcf, 0x4b, 0x13, 0x20, 0x5b, 0x74, 0x4e, 0x23, // |.K. [tN#|
        0x90, 0x08, 0x5a, 0x43, 0xbf, 0xe0, 0x0d, 0xeb, // |..ZC....|
        0x8a, 0xc8, 0x4d, 0x14, 0x1e, 0x35, 0x43, 0x04, // |..M..5C.|
        0x36, 0x32, 0xdc, 0x71, 0xff, 0xcc, 0xb3, 0x5b, // |62.q...[|
        0x63, 0x4b, 0x2b, 0xee, 0x00, 0x20, 0xba, 0xba, // |cK+.. ..|
        0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, // |.......+|
        0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, // |./.,.0..|
        0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, // |........|
        0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, // |.../.5..|
        0x06, 0x3e, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x0a, // |.>zz....|
        0x00, 0x0c, 0x00, 0x0a, 0xda, 0xda, 0x11, 0xec, // |........|
        0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0xff, 0x01, // |........|
        0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, // |........|
        0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, // |........|
        0x68, 0x61, 0x2e, 0x68, 0x6f, 0x6d, 0x65, 0x2e, // |ha.home.|
        0x6b, 0x69, 0x65, 0x2e, 0x72, 0x73, 0xfe, 0x0d, // |kie.rs..|
        0x00, 0xba, 0x00, 0x00, 0x01, 0x00, 0x01, 0x11, // |........|
        0x00, 0x20, 0xf7, 0xf4, 0x20, 0xc8, 0xb7, 0xeb, // |. .. ...|
        0xf1, 0x2d, 0x8b, 0x30, 0x2c, 0xc8, 0x5e, 0xd3, // |.-.0,.^.|
        0xa3, 0x02, 0x38, 0xf2, 0x41, 0xf7, 0x3f, 0x2d, // |..8.A.?-|
        0xb4, 0xf0, 0xd7, 0x3b, 0xe5, 0x19, 0x3f, 0xc3, // |...;..?.|
        0xae, 0x1f, 0x00, 0x90, 0x27, 0x8d, 0x4c, 0xc9, // |....'.L.|
        0xb3, 0xd1, 0x63, 0x20, 0xe4, 0x33, 0x18, 0x56, // |..c .3.V|
        0xd5, 0x9b, 0xd5, 0xf9, 0xf2, 0x94, 0x1d, 0xe4, // |........|
        0xa6, 0x88, 0x47, 0xd2, 0x85, 0x4f, 0xf4, 0x30, // |..G..O.0|
        0x22, 0xff, 0x67, 0x80, 0x60, 0x33, 0x17, 0xa0, // |".g.`3..|
        0x4f, 0xdb, 0x98, 0x53, 0x00, 0xa4, 0xc8, 0x89, // |O..S....|
        0xb8, 0x1b, 0x3f, 0xbd, 0xdf, 0xeb, 0x48, 0x1a, // |..?...H.|
        0xa1, 0x33, 0xd7, 0xc1, 0x8d, 0x76, 0xf2, 0xcf, // |.3...v..|
        0xbe, 0x30, 0x1d, 0xcd, 0x3a, 0xfe, 0xf1, 0xb0, // |.0..:...|
        0x86, 0xbc, 0x28, 0x74, 0x78, 0xa1, 0x9a, 0x60, // |..(tx..`|
        0x14, 0xfe, 0x12, 0x92, 0x4d, 0xb5, 0x9e, 0x85, // |....M...|
        0x79, 0x62, 0x9c, 0x68, 0x73, 0xc6, 0x0e, 0xe5, // |yb.hs...|
        0xad, 0x5b, 0xe2, 0x69, 0x00, 0xc0, 0x26, 0x24, // |.[.i..&$|
        0x88, 0xfa, 0x22, 0x29, 0x36, 0x7b, 0x16, 0x59, // |..")6{.Y|
        0x48, 0xbe, 0xf9, 0x1c, 0x86, 0x55, 0xcb, 0x67, // |H....U.g|
        0xae, 0xb6, 0x7b, 0x69, 0x3e, 0xd0, 0x48, 0x31, // |..{i>.H1|
        0x58, 0x8a, 0xd8, 0xba, 0x06, 0x21, 0xf0, 0xd4, // |X....!..|
        0x4e, 0xef, 0xcf, 0x67, 0xc5, 0x63, 0x97, 0x59, // |N..g.c.Y|
        0x95, 0x12, 0x47, 0x90, 0x00, 0x2d, 0x00, 0x02, // |..G..-..|
        0x01, 0x01, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, // |........|
        0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, // |.http/1.|
        0x31, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, // |1.......|
        0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, // |........|
        0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, // |........|
        0x2b, 0x00, 0x07, 0x06, 0x0a, 0x0a, 0x03, 0x04, // |+.......|
        0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 0x12, // |...#....|
        0x00, 0x00, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, // |........|
        0x02, 0x00, 0x33, 0x04, 0xef, 0x04, 0xed, 0xda, // |..3.....|
        0xda, 0x00, 0x01, 0x00, 0x11, 0xec, 0x04, 0xc0, // |........|
        0xc6, 0x12, 0x85, 0x0b, 0xba, 0x73, 0x9d, 0x00, // |.....s..|
        0x29, 0x08, 0x40, 0x3a, 0xb8, 0xfc, 0x9e, 0x99, // |).@:....|
        0x25, 0xbd, 0x60, 0xb6, 0x8a, 0x56, 0x51, 0xac, // |%.`..VQ.|
        0x38, 0xa3, 0x15, 0x37, 0x21, 0x80, 0x86, 0x02, // |8..7!...|
        0xb2, 0x10, 0x4b, 0x29, 0xeb, 0x37, 0x04, 0x47, // |..K).7.G|
        0x16, 0x12, 0x0e, 0x63, 0x2d, 0x32, 0xf6, 0x2a, // |...c-2.*|
        0x86, 0x09, 0x7b, 0x41, 0x28, 0x8c, 0xcf, 0xfa, // |..{A(...|
        0x08, 0x2e, 0x0c, 0xb2, 0x55, 0xb4, 0xb4, 0xd2, // |....U...|
        0x76, 0x38, 0x47, 0x44, 0x78, 0xf0, 0x01, 0xb6, // |v8GDx...|
        0xee, 0xf0, 0x1f, 0x4b, 0xc5, 0x6b, 0xb3, 0x93, // |...K.k..|
        0x4d, 0xa5, 0x25, 0x29, 0xda, 0x33, 0x1e, 0xc5, // |M.%).3..|
        0x15, 0x98, 0xf5, 0x41, 0x3e, 0xd2, 0xf7, 0x82, // |...A>...|
        0xd7, 0xbb, 0x56, 0xf0, 0x86, 0x29, 0xa3, 0x56, // |..V..).V|
        0x25, 0xdc, 0xaa, 0x03, 0xaa, 0x28, 0xa7, 0x2b, // |%....(.+|
        0xc0, 0x41, 0xca, 0x66, 0x3e, 0xcc, 0x21, 0x40, // |.A.f>.!@|
        0x60, 0x34, 0x5f, 0x9f, 0x69, 0x37, 0xac, 0x30, // |`4_.i7.0|
        0x06, 0x7a, 0xf9, 0x26, 0xfe, 0x3c, 0x13, 0x05, // |.z.&.<..|
        0xf6, 0xbe, 0x5f, 0x0c, 0x9a, 0x43, 0x18, 0xa2, // |.._..C..|
        0xd9, 0xc5, 0xa0, 0x06, 0x0b, 0x0a, 0x21, 0xf1, // |......!.|
        0x6b, 0x12, 0x4a, 0x5d, 0xec, 0xf6, 0x01, 0x30, // |k.J]...0|
        0xb6, 0x3b, 0x34, 0x62, 0xcd, 0x5a, 0x6a, 0x26, // |.;4b.Zj&|
        0x08, 0x98, 0xc9, 0xd0, 0x8a, 0x49, 0x94, 0x07, // |.....I..|
        0x48, 0x45, 0x78, 0x45, 0xae, 0x24, 0x2b, 0x83, // |HExE.$+.|
        0xb6, 0x69, 0x6c, 0x20, 0x33, 0xa9, 0xc4, 0x8e, // |.il 3...|
        0xe7, 0x1a, 0x90, 0x28, 0xc6, 0x3f, 0x16, 0xf2, // |...(.?..|
        0xae, 0x3e, 0x22, 0x17, 0x26, 0x9c, 0x38, 0xf5, // |.>".&.8.|
        0x88, 0x60, 0x79, 0x16, 0x28, 0xce, 0x05, 0x72, // |.`y.(..r|
        0x2f, 0x64, 0x99, 0xdd, 0x8c, 0x5b, 0xa6, 0xe2, // |/d...[..|
        0x65, 0x8a, 0xe2, 0x8d, 0xb6, 0x24, 0x9e, 0x6d, // |e....$.m|
        0x5a, 0x70, 0xfd, 0xea, 0xca, 0xec, 0x77, 0x46, // |Zp....wF|
        0x20, 0xa8, 0x1f, 0x78, 0xf6, 0x34, 0x52, 0x13, // | ..x.4R.|
        0x97, 0xef, 0x60, 0xb9, 0xe5, 0xc6, 0x85, 0xf2, // |..`.....|
        0x84, 0x64, 0xdc, 0x08, 0x07, 0xe2, 0x63, 0xa6, // |.d....c.|
        0x23, 0x64, 0x54, 0xb8, 0x72, 0xac, 0x23, 0xda, // |#dT.r.#.|
        0x8f, 0x73, 0xe4, 0x9b, 0x80, 0x77, 0x66, 0x3f, // |.s...wf?|
        0x69, 0x34, 0xc4, 0xfb, 0x45, 0x3d, 0x1c, 0xa7, // |i4..E=..|
        0x86, 0x98, 0x2e, 0xb4, 0xe0, 0x84, 0xb6, 0x47, // |.......G|
        0x78, 0xeb, 0x2b, 0x10, 0x17, 0x45, 0x8a, 0xcf, // |x.+..E..|
        0xea, 0xb5, 0x58, 0x42, 0x93, 0xbe, 0x4b, 0xad, // |..XB..K.|
        0xfb, 0x28, 0x11, 0x12, 0xe0, 0x7c, 0x3d, 0x34, // |.(...|=4|
        0x8c, 0x82, 0x07, 0x84, 0xda, 0x8b, 0x35, 0x86, // |......5.|
        0x37, 0x35, 0x1d, 0x1a, 0xa2, 0xbf, 0x0a, 0xb4, // |75......|
        0x8e, 0xf0, 0x91, 0xc4, 0xa8, 0x3f, 0x38, 0x03, // |.....?8.|
        0x37, 0xc1, 0x9a, 0x94, 0x43, 0x09, 0x57, 0xee, // |7...C.W.|
        0xaa, 0xcb, 0x3d, 0x13, 0xa2, 0x33, 0xd1, 0x04, // |..=..3..|
        0x2c, 0x6c, 0xb4, 0x1c, 0x86, 0x07, 0x0c, 0x3c, // |,l.....<|
        0x5c, 0xc9, 0x8c, 0xc8, 0x1a, 0x85, 0xa6, 0xdd, // |\.......|
        0xd3, 0xc5, 0xae, 0x84, 0x4d, 0xfe, 0xa2, 0x99, // |....M...|
        0xd3, 0x0b, 0x1f, 0x43, 0x01, 0xa6, 0x7b, 0xb2, // |...C..{.|
        0x5b, 0xd5, 0xa0, 0x3e, 0xd4, 0x6c, 0x65, 0x75, // |[..>.leu|
        0x55, 0x28, 0x4d, 0x1c, 0x28, 0x86, 0xda, 0x94, // |U(M.(...|
        0xbe, 0x0a, 0x99, 0x61, 0xa4, 0x88, 0xd9, 0x6a, // |...a...j|
        0x20, 0x1d, 0x78, 0x45, 0x5f, 0x66, 0xcc, 0x8c, // | .xE_f..|
        0xe1, 0xba, 0x4c, 0x51, 0x99, 0x54, 0x27, 0x77, // |..LQ.T'w|
        0xb4, 0x84, 0x61, 0x4e, 0xf9, 0x90, 0x6f, 0x19, // |..aN..o.|
        0x44, 0x93, 0x27, 0x1d, 0x95, 0x82, 0x74, 0x7f, // |D.'...t.|
        0x35, 0xaf, 0x04, 0xe4, 0x58, 0x41, 0x3a, 0x51, // |5...XA:Q|
        0x0b, 0x22, 0x45, 0xaf, 0x44, 0x2a, 0xe9, 0xa3, // |."E.D*..|
        0x71, 0x65, 0x15, 0x22, 0xea, 0x40, 0x10, 0xaf, // |qe.".@..|
        0x5b, 0x27, 0xfc, 0x02, 0x00, 0x23, 0xa3, 0x70, // |['...#.p|
        0xa9, 0x6c, 0xa7, 0xf7, 0x29, 0x5c, 0x75, 0x9b, // |.l..)\u.|
        0x4c, 0x23, 0x14, 0x51, 0x12, 0x62, 0x71, 0xbb, // |L#.Q.bq.|
        0x75, 0x64, 0x65, 0xb3, 0xaa, 0x1e, 0x10, 0x14, // |ude.....|
        0xbf, 0xd0, 0x8b, 0xe0, 0xe4, 0x51, 0x6e, 0xa8, // |.....Qn.|
        0x1a, 0x95, 0x21, 0xa9, 0x9f, 0xf7, 0x2a, 0xac, // |..!...*.|
        0x5c, 0x1c, 0x12, 0xac, 0x9d, 0xac, 0x57, 0x14, // |\.....W.|
        0x27, 0xaa, 0xa7, 0xee, 0xc3, 0x9d, 0x63, 0x48, // |'.....cH|
        0x0e, 0xd7, 0xf8, 0x92, 0x9f, 0x28, 0xb9, 0x82, // |.....(..|
        0x71, 0x99, 0xa1, 0xcb, 0x69, 0x0c, 0x29, 0x7d, // |q...i.)}|
        0x67, 0x73, 0xae, 0x9d, 0xd7, 0xc7, 0x51, 0x7a, // |gs....Qz|
        0x2c, 0x3a, 0x74, 0x89, 0x7d, 0x76, 0x35, 0xb5, // |,:t.}v5.|
        0x97, 0x73, 0x4a, 0xfc, 0x29, 0x9a, 0x1a, 0x06, // |.sJ.)...|
        0x2f, 0xd0, 0x89, 0x32, 0xfc, 0x3b, 0x17, 0xec, // |/..2.;..|
        0x7a, 0xb5, 0x3c, 0x66, 0x0f, 0x43, 0x55, 0x41, // |z.<f.CUA|
        0x49, 0x3f, 0xbf, 0xa1, 0x6f, 0x8a, 0x05, 0x76, // |I?..o..v|
        0xd4, 0x02, 0x33, 0x52, 0x78, 0xc8, 0x08, 0xe9, // |..3Rx...|
        0x49, 0xb8, 0x42, 0x05, 0xed, 0x34, 0x0a, 0xb1, // |I.B..4..|
        0xa8, 0x32, 0x00, 0x6b, 0x00, 0x42, 0x56, 0x8a, // |.2.k.BV.|
        0xe9, 0x04, 0x7a, 0xac, 0xc8, 0x72, 0x7f, 0x40, // |..z..r.@|
        0x4c, 0xd6, 0xa9, 0x34, 0x0b, 0xc3, 0x63, 0x39, // |L..4..c9|
        0x21, 0xbf, 0x04, 0xb0, 0x2b, 0x81, 0xf9, 0x07, // |!...+...|
        0xe6, 0x15, 0x92, 0x89, 0x9b, 0x1e, 0xe6, 0x4b, // |.......K|
        0x5b, 0x0b, 0x33, 0x5f, 0x89, 0x96, 0xa2, 0x74, // |[.3_...t|
        0x41, 0x6b, 0x15, 0xe8, 0x8a, 0x62, 0xf5, 0x1c, // |Ak...b..|
        0x37, 0x38, 0x62, 0x77, 0xd4, 0x57, 0x7b, 0x43, // |78bw.W{C|
        0x42, 0x4f, 0x01, 0x9c, 0xf2, 0xe0, 0x68, 0xb7, // |BO....h.|
        0xf1, 0x66, 0x93, 0xd8, 0x8e, 0x78, 0x80, 0x24, // |.f...x.$|
        0x4c, 0x61, 0x11, 0xbb, 0xf2, 0x79, 0xf7, 0x96, // |La...y..|
        0x02, 0x80, 0xaa, 0xc7, 0xcd, 0xbb, 0x55, 0x03, // |......U.|
        0x22, 0x5e, 0xda, 0xa2, 0x44, 0x7d, 0x82, 0x41, // |"^..D}.A|
        0x86, 0x9b, 0x92, 0x0a, 0xd5, 0x7e, 0xf2, 0x78, // |.....~.x|
        0x84, 0x50, 0x00, 0x2d, 0x0b, 0xab, 0x92, 0x7a, // |.P.-...z|
        0x96, 0x15, 0xcf, 0x5a, 0x34, 0x45, 0x35, 0xa7, // |...Z4E5.|
        0x18, 0x61, 0x2b, 0x88, 0x45, 0xaa, 0xd3, 0xe2, // |.a+.E...|
        0x54, 0xf9, 0xc7, 0xbb, 0xe7, 0x00, 0x86, 0xbd, // |T.......|
        0x8b, 0xbb, 0x6d, 0x3b, 0x0f, 0x8d, 0xfb, 0x4d, // |..m;...M|
        0x5d, 0x8b, 0x50, 0x2e, 0x68, 0x74, 0x5d, 0x03, // |].P.ht].|
        0x16, 0x2a, 0x49, 0x24, 0x54, 0x5b, 0xa9, 0x34, // |.*I$T[.4|
        0x25, 0x17, 0x79, 0xe3, 0xc3, 0x3a, 0x2a, 0x12, // |%.y..:*.|
        0x75, 0x64, 0x16, 0xa4, 0xb7, 0x7e, 0x39, 0x5a, // |ud...~9Z|
        0x4e, 0x3e, 0x53, 0x2b, 0x49, 0x1b, 0x26, 0xdf, // |N>S+I.&.|
        0xfc, 0x29, 0x99, 0xcb, 0xad, 0x29, 0x2c, 0x72, // |.)...),r|
        0x3f, 0xa7, 0xcb, 0x45, 0x4c, 0x14, 0xee, 0x46, // |?..EL..F|
        0x74, 0x64, 0xdb, 0x4b, 0x4b, 0xa4, 0x35, 0x3c, // |td.KK.5<|
        0x91, 0xc4, 0x9b, 0xb0, 0x66, 0xc6, 0x70, 0xb6, // |....f.p.|
        0xf2, 0x07, 0x3b, 0xbf, 0x74, 0x72, 0xb4, 0x24, // |..;.tr.$|
        0x7e, 0x87, 0xd4, 0x0a, 0x37, 0xd9, 0x49, 0x04, // |~...7.I.|
        0x09, 0x36, 0xd1, 0x63, 0x88, 0xe1, 0xe8, 0x08, // |.6.c....|
        0xbf, 0x17, 0xc4, 0xcd, 0xcb, 0x3c, 0xef, 0x88, // |.....<..|
        0x2c, 0xf6, 0xa3, 0x6d, 0x89, 0x39, 0xc9, 0xfe, // |,..m.9..|
        0x97, 0x25, 0xb3, 0x9a, 0x02, 0x40, 0xd4, 0x90, // |.%...@..|
        0x28, 0x6a, 0x79, 0xbd, 0x4b, 0x8e, 0x10, 0x18, // |(jy.K...|
        0xc9, 0xaf, 0xe9, 0xc0, 0x6e, 0xd5, 0xb1, 0xcf, // |....n...|
        0xe8, 0xa4, 0xdc, 0x94, 0x12, 0x82, 0xfb, 0x08, // |........|
        0x42, 0xd4, 0x1a, 0x76, 0xa2, 0x4b, 0x3f, 0xc3, // |B..v.K?.|
        0xb4, 0x0b, 0xa3, 0x0c, 0xec, 0x19, 0x7c, 0x5f, // |......|_|
        0xd5, 0x98, 0x99, 0xf4, 0x1a, 0xca, 0x83, 0xaa, // |........|
        0xbd, 0x26, 0x31, 0x95, 0x77, 0x90, 0x43, 0x7a, // |.&1.w.Cz|
        0x75, 0x15, 0xcb, 0x68, 0xae, 0x24, 0xc5, 0x1b, // |u..h.$..|
    ];
    const TOO_LITTLE_DATA_END: [u8; 312] = [
        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, // |........|
        0x00, 0x01, 0x00, 0x06, 0x14, 0x49, 0xbc, 0x07, // |.....I..|
        0xd1, 0x60, 0x00, 0x00, 0x45, 0x00, 0x01, 0x24, // |.`..E..$|
        0x46, 0x04, 0x40, 0x00, 0x7f, 0x06, 0x11, 0x27, // |F.@....'|
        0x4d, 0xaf, 0x56, 0xec, 0xc0, 0xa8, 0x3e, 0x65, // |M.V...>e|
        0xbf, 0x7f, 0x01, 0xbb, 0xaf, 0x09, 0x43, 0xb4, // |......C.|
        0xde, 0x93, 0xcc, 0x66, 0x50, 0x18, 0x02, 0x01, // |...fP...|
        0xd3, 0x21, 0x00, 0x00, 0xba, 0x15, 0x37, 0x39, // |.!....79|
        0xe7, 0xae, 0xb6, 0x48, 0x3e, 0xd8, 0x57, 0x67, // |...H>.Wg|
        0x9c, 0xb6, 0x9c, 0xc0, 0x18, 0x0e, 0x74, 0x67, // |......tg|
        0xae, 0x8e, 0xc6, 0x80, 0x7f, 0x81, 0x25, 0xc4, // |......%.|
        0xe9, 0x04, 0xe8, 0xd9, 0x98, 0xb6, 0x99, 0x93, // |........|
        0xa1, 0xa4, 0x5e, 0x57, 0x74, 0x89, 0x30, 0x38, // |..^Wt.08|
        0xa9, 0xbb, 0x99, 0x4a, 0x7e, 0x42, 0x3c, 0xd2, // |...J~B<.|
        0x59, 0xb6, 0x49, 0xb0, 0xc7, 0x11, 0x57, 0x03, // |Y.I...W.|
        0x6d, 0x23, 0x1b, 0x72, 0xe7, 0x24, 0xdb, 0x75, // |m#.r.$.u|
        0x78, 0xd1, 0x38, 0x01, 0x46, 0xb6, 0x8c, 0x1b, // |x.8.F...|
        0x41, 0xb4, 0xbd, 0xc1, 0xa2, 0x00, 0x63, 0xa5, // |A.....c.|
        0x97, 0x30, 0x5d, 0xbe, 0xd1, 0x37, 0x31, 0xf1, // |.0]..71.|
        0xbb, 0xc6, 0xf8, 0x81, 0x35, 0x86, 0x32, 0xa6, // |....5.2.|
        0xc3, 0x35, 0x54, 0x45, 0x50, 0xdf, 0x61, 0x46, // |.5TEP.aF|
        0x5b, 0x83, 0x6b, 0xac, 0x5c, 0x2d, 0xa2, 0xc3, // |[.k.\-..|
        0x2e, 0x71, 0x32, 0x18, 0x41, 0x29, 0x99, 0x66, // |.q2.A).f|
        0x8c, 0x50, 0x28, 0x92, 0x45, 0xae, 0x96, 0x38, // |.P(.E..8|
        0xa4, 0x83, 0x94, 0x4a, 0x2f, 0x0e, 0x62, 0x13, // |...J/.b.|
        0x07, 0x13, 0xc2, 0x0b, 0x84, 0xfd, 0x27, 0xab, // |......'.|
        0x6c, 0xb4, 0x69, 0x0d, 0xd2, 0xdb, 0xfb, 0x8e, // |l.i.....|
        0xa7, 0x09, 0x65, 0x76, 0x7e, 0x09, 0xa4, 0x7a, // |..ev~..z|
        0xe9, 0xfe, 0xec, 0x52, 0x89, 0x7d, 0x07, 0x6f, // |...R.}.o|
        0xff, 0xa0, 0xde, 0x8a, 0x42, 0x2d, 0xc3, 0x75, // |....B-.u|
        0x05, 0x6d, 0x60, 0x76, 0xce, 0xe1, 0x6c, 0xfd, // |.m`v..l.|
        0xae, 0x1f, 0x5e, 0x02, 0x94, 0x39, 0x2a, 0x55, // |..^..9*U|
        0x00, 0x1d, 0x00, 0x20, 0x8d, 0x89, 0x9a, 0x19, // |... ....|
        0x1d, 0x53, 0x52, 0xd5, 0xc1, 0x3e, 0x3a, 0x1d, // |.SR..>:.|
        0x12, 0x15, 0xae, 0x33, 0x2e, 0x54, 0xd1, 0x6f, // |...3.T.o|
        0xd6, 0xb1, 0x73, 0xd9, 0x56, 0x98, 0x6f, 0x8f, // |..s.V.o.|
        0x7e, 0xf5, 0xd9, 0x75, 0x00, 0x0b, 0x00, 0x02, // |~..u....|
        0x01, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, // |........|
        0x00, 0x00, 0x00, 0x9a, 0x9a, 0x00, 0x01, 0x00, // |........|
    ];
 }
--- a/src/servers/upstream_address.rs
+++ b/src/servers/upstream_address.rs
@@ -4,8 +4,7 @@ use std::io::Result;
 use std::net::SocketAddr;
 use std::sync::Arc;
 use std::sync::RwLock;
-use std::time::Instant;
+use time::{Duration, Instant, OffsetDateTime};
 use time::{Duration, OffsetDateTime};
 #[derive(Debug, Clone, Default)]
 pub(crate) struct UpstreamAddress {
--- a/src/sni_matcher.rs
+++ b/src/sni_matcher.rs
@@ -1,391 +0,0 @@
 use std::collections::HashMap;
 #[derive(Debug, Clone)]
 pub struct SniPattern {
    pub pattern: String,
    pub upstream: String,
 }
 /// Validates and matches SNI patterns against incoming SNI values. Supports exact matches and wildcard patterns.
 ///
 /// Rules:
 /// - Wildcard patterns must start with "*." and have a valid domain suffix after it (e.g., "*.example.com")
 /// - Wildcard patterns cannot have a wildcard in the middle (e.g., "*.example.*" is invalid)
 /// - Wildcard patterns cannot have multiple wildcards (e.g., "*.*.example.com" is invalid)
 /// - When there are two wildcard patterns that could match the same SNI, the longest suffix wins
 ///   (e.g., "*.example.com" vs "*.api.example.com" - "v2.api.example.com" matches "*.api.example.com")
 /// - Wildcard patterns that overlap are not matched (e.g. "*.example.com" and "*.bar.example.com" - "bar.example.com" matches neither, "v2.bar.example.com" matches "*.bar.example.com")
 /// - Wildcard patterns cannot be just "*." or "*" (must have a valid suffix)
 /// - For known public suffixes (e.g., "com", "org"), the wildcard must have at least one label below the public suffix (e.g., "*.example.com" is valid, but "*.com", or *.co.uk is invalid)
 /// - For unknown suffixes (e.g., "local", "lan"), the wildcard is allowed without restriction (e.g., "*.local" is valid)
 #[derive(Debug, Clone)]
 pub struct SniMatcher {
    pub exact: HashMap<String, String>,
    pub wildcards: Vec<SniPattern>,
 }
 impl SniMatcher {
    pub fn new(sni_map: HashMap<String, String>) -> Result<Self, Vec<String>> {
        Self::validate(&sni_map)?;
        let mut exact = HashMap::new();
        let mut wildcards = Vec::new();
        for (pattern, upstream) in sni_map {
            if pattern.starts_with("*.") {
                wildcards.push(SniPattern {
                    pattern: pattern.clone(),
                    upstream,
                });
            } else {
                exact.insert(pattern, upstream);
            }
        }
        wildcards.sort_by(|a, b| {
            let a_suffix = a.pattern.trim_start_matches("*.");
            let b_suffix = b.pattern.trim_start_matches("*.");
            b_suffix.len().cmp(&a_suffix.len())
        });
        Ok(SniMatcher { exact, wildcards })
    }
    /// Matches the provided SNI against the patterns in the matcher. Returns Some(upstream) if a match is found, or None if no match is found.
    pub fn match_sni(&self, sni: &str) -> Option<String> {
        if let Some(upstream) = self.exact.get(sni) {
            return Some(upstream.clone());
        }
        // Try each wildcard in order (longest suffix first)
        for wildcard in &self.wildcards {
            let suffix = wildcard.pattern.trim_start_matches("*.");
            let suffix_len = suffix.len();
            let check = format!(".{}", suffix);
            if !sni.ends_with(&check) {
                continue;
            }
            // Must have at least one label before the suffix to match
            let prefix = &sni[..sni.len() - suffix_len - 1];
            // Check if a more specific wildcard could also match this SNI
            let is_owned = {
                let sni_labels = sni.matches('.').count() + 1;
                self.wildcards.iter().any(|w| {
                    // Skip the current wildcard itself
                    if w.pattern == wildcard.pattern {
                        return false;
                    }
                    let w_suffix = w.pattern.trim_start_matches("*.");
                    let w_len = w_suffix.len();
                    // Only care about wildcards with longer suffix (more specific)
                    if w_len <= suffix_len {
                        return false;
                    }
                    let w_suffix_labels = w_suffix.matches('.').count() + 1;
                    if sni == w_suffix {
                        // Exact match to more specific suffix - owned if could potentially match
                        // (sni has at least as many labels as the suffix needs)
                        sni_labels >= w_suffix_labels
                    } else if sni.ends_with(&format!(".{}", w_suffix)) {
                        // Ends with more specific suffix - owned if SNI has enough labels
                        sni_labels >= w_suffix_labels + 1
                    } else {
                        false
                    }
                })
            };
            if is_owned {
                continue;
            }
            // Only return if we have a valid prefix (at least one label)
            if !prefix.is_empty() {
                return Some(wildcard.upstream.clone());
            }
        }
        None
    }
    fn validate_wildcard_suffix(pattern: &str) -> Result<(), String> {
        let suffix = pattern.trim_start_matches("*.");
        let domain_str = format!("a.{}", suffix);
        if let Some(ps) = psl::suffix(domain_str.as_bytes()) {
            let ps_str = std::str::from_utf8(ps.as_bytes()).unwrap_or("");
            if ps_str == suffix {
                return Err(format!(
                    "Invalid wildcard pattern: {} - wildcard cannot be at the public suffix level",
                    pattern
                ));
            }
        }
        Ok(())
    }
    fn validate(sni_map: &HashMap<String, String>) -> Result<(), Vec<String>> {
        let mut errors = Vec::new();
        for (pattern, _upstream) in sni_map {
            if pattern == "*" {
                errors.push(format!(
                    "Invalid wildcard pattern: * - just asterisk is not allowed"
                ));
                continue;
            }
            if pattern == "*." {
                errors.push(format!(
                    "Invalid wildcard pattern: *. - empty suffix after wildcard"
                ));
                continue;
            }
            if let Some(rest) = pattern.strip_prefix("*.") {
                if rest.is_empty() {
                    errors.push(format!(
                        "Invalid wildcard pattern: {pattern} - empty suffix after wildcard"
                    ));
                    continue;
                }
                if rest.contains('*') {
                    errors.push(format!("Invalid wildcard pattern: {pattern} - wildcard cannot be in the middle of suffix"));
                    continue;
                }
                if let Err(e) = Self::validate_wildcard_suffix(pattern) {
                    errors.push(e);
                }
            } else if pattern.contains('*') {
                errors.push(format!(
                    "Invalid wildcard pattern: {pattern} - wildcard must be at the start"
                ));
            }
        }
        if errors.is_empty() {
            Ok(())
        } else {
            Err(errors)
        }
    }
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[test]
    fn test_exact_match() {
        let mut sni_map = HashMap::new();
        sni_map.insert("example.com".to_string(), "upstream1".to_string());
        sni_map.insert("*.example.com".to_string(), "upstream2".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(
            matcher.match_sni("example.com"),
            Some("upstream1".to_string())
        );
    }
    #[test]
    fn test_wildcard_match() {
        let mut sni_map = HashMap::new();
        sni_map.insert("example.com".to_string(), "upstream1".to_string());
        sni_map.insert("*.example.com".to_string(), "upstream2".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(
            matcher.match_sni("www.example.com"),
            Some("upstream2".to_string())
        );
        assert_eq!(
            matcher.match_sni("api.example.com"),
            Some("upstream2".to_string())
        );
    }
    #[test]
    fn test_longest_suffix_match() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.example.com".to_string(), "wildcard1".to_string());
        sni_map.insert("*.api.example.com".to_string(), "wildcard2".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(
            matcher.match_sni("v2.api.example.com"),
            Some("wildcard2".to_string())
        );
    }
    #[test]
    fn test_no_match() {
        let mut sni_map = HashMap::new();
        sni_map.insert("example.com".to_string(), "upstream1".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(matcher.match_sni("other.com"), None);
    }
    #[test]
    fn test_unknown_suffix_allowed() {
        let mut sni_map = HashMap::new();
        sni_map.insert(
            "*.private.local".to_string(),
            "private_upstream".to_string(),
        );
        sni_map.insert(
            "*.internal.net".to_string(),
            "internal_upstream".to_string(),
        );
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(
            matcher.match_sni("server.private.local"),
            Some("private_upstream".to_string())
        );
        assert_eq!(
            matcher.match_sni("app.internal.net"),
            Some("internal_upstream".to_string())
        );
    }
    #[test]
    fn test_invalid_public_suffix() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.com".to_string(), "invalid".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
        let errors = result.unwrap_err();
        assert!(!errors.is_empty());
        assert!(errors[0].contains("*.com"));
    }
    #[test]
    fn test_multiple_errors_collected() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.com".to_string(), "invalid1".to_string());
        sni_map.insert("*.org".to_string(), "invalid2".to_string());
        sni_map.insert("*.net".to_string(), "invalid3".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
        let errors = result.unwrap_err();
        assert_eq!(errors.len(), 3);
    }
    #[test]
    fn test_valid_public_suffix() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.example.com".to_string(), "valid".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(
            matcher.match_sni("www.example.com"),
            Some("valid".to_string())
        );
    }
    #[test]
    fn test_validate_static() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.com".to_string(), "invalid".to_string());
        sni_map.insert("*.example.com".to_string(), "valid".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
        let errors = result.unwrap_err();
        assert_eq!(errors.len(), 1);
        assert!(errors[0].contains("*.com"));
    }
    #[test]
    fn test_wildcard_not_at_start_rejected() {
        let mut sni_map = HashMap::new();
        sni_map.insert("foo*.example.com".to_string(), "invalid".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
        let errors = result.unwrap_err();
        assert!(!errors.is_empty());
        assert!(errors[0].contains("*.example.com"));
    }
    #[test]
    fn test_wildcard_in_middle_rejected() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.example.*".to_string(), "invalid".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
    }
    #[test]
    fn test_trailing_dot_rejected() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.".to_string(), "invalid".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
    }
    #[test]
    fn test_just_asterisk_rejected() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*".to_string(), "invalid".to_string());
        let result = SniMatcher::new(sni_map);
        assert!(result.is_err());
    }
    #[test]
    fn test_wildcard_requires_subdomain() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.example.com".to_string(), "upstream".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(matcher.match_sni("example.com"), None);
        assert_eq!(
            matcher.match_sni("www.example.com"),
            Some("upstream".to_string())
        );
        assert_eq!(
            matcher.match_sni("foo.bar.example.com"),
            Some("upstream".to_string())
        );
    }
    #[test]
    fn test_longest_suffix_wins_not_shortest() {
        let mut sni_map = HashMap::new();
        sni_map.insert("*.example.org".to_string(), "broad".to_string());
        sni_map.insert("*.bar.example.org".to_string(), "narrow".to_string());
        let matcher = SniMatcher::new(sni_map).unwrap();
        assert_eq!(matcher.match_sni("bar.example.org"), None);
        assert_eq!(
            matcher.match_sni("v2.bar.example.org"),
            Some("narrow".to_string())
        );
        assert_eq!(
            matcher.match_sni("v2.example.org"),
            Some("broad".to_string())
        );
    }
 }
--- a/src/update.rs
+++ b/src/update.rs
@@ -1,4 +1,4 @@
-use self_update::cargo_crate_version;
+use self_update::{cargo_crate_version, version};
 pub(crate) fn update() {
    println!("Updating to the latest version...");
Author	SHA1	Message	Date
Jacob Kiers	992d614275	Update toolchain once more Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-06-22 15:20:28 +02:00
Jacob Kiers	21b8d61faa	Disable default features for self_update All checks were successful continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details That prevents us from pulling in the OpenSSL library Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-06-22 15:12:26 +02:00
Jacob Kiers	c00fa101b6	Apparently zig 0.13.0 does not work correctly Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-06-22 14:57:51 +02:00
Jacob Kiers	7ee71cf113	Upgrade toolchain Some checks failed continuous-integration/drone/pr Build is failing Details continuous-integration/drone/push Build is failing Details Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-06-22 14:33:01 +02:00
Jacob Kiers	5cb2649eff	Add change log Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-06-22 13:55:01 +02:00
Jacob Kiers	e6ecdf5ed8	Add self update functionality Signed-off-by: Jacob Kiers <code@kiers.eu>	2024-06-22 13:54:41 +02:00