Hello experts,

Thanks for the quick response!
My name is Alon and I am working with Yoav in the new startup company.

I would like to clarify few things on our use-case in order to give you the information you need to help us doing the right thing with Nginx.

1. The application layer could be any protocol over TCP layer.
2. We need to do TLS termination in both directions, downstream and upstream.
3. The mirror traffic is not for raw packets, it should be done to the decrypted TCP content after the TLS termination(in both directions). 

So we thought on writing new stream module which works along side with the proxy_pass stream command. The new module register a handler on a stream content phase and copy the TCP content traffic to other process for offline analysis.
As Yoav mentioned, seems like there is only 1 handler in the content phase (which already taken by the proxy_pass stream). 

Do we need to re-write the ngx_stream_proxy_module for such mirror capabilities ?
Is there other better way to implement the use-case with Nginx?

Thanks, Alon