18 files changed, 1546 insertions, 0 deletions

diff --git a/reg-tests/converter/add_item.vtc b/reg-tests/converter/add_item.vtc
new file mode 100644
index 0000000..474ad7b
--- /dev/null
+++ b/reg-tests/converter/add_item.vtc
@@ -0,0 +1,50 @@
+varnishtest "be2dec converter Test"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6-dev0)'"
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 3 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.input) req.hdr(input)
+	http-request  set-var(txn.var) str("var_content")
+
+	http-response set-header add_item-1   "%[var(txn.input),add_item(',',txn.var,_suff_)]"
+	http-response set-header add_item-2   "%[var(txn.input),add_item(',',txn.var)]"
+	http-response set-header add_item-3   "%[var(txn.input),add_item(',',,_suff_)]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "input:"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.add_item-1 == "var_content_suff_"
+	expect resp.http.add_item-2 == "var_content"
+	expect resp.http.add_item-3 == "_suff_"
+	txreq -url "/" \
+	  -hdr "input: input_string"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.add_item-1 == "input_string,var_content_suff_"
+	expect resp.http.add_item-2 == "input_string,var_content"
+	expect resp.http.add_item-3 == "input_string,_suff_"
+} -run
diff --git a/reg-tests/converter/be2dec.vtc b/reg-tests/converter/be2dec.vtc
new file mode 100644
index 0000000..a0b7104
--- /dev/null
+++ b/reg-tests/converter/be2dec.vtc
@@ -0,0 +1,56 @@
+varnishtest "be2dec converter Test"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 3 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.input) req.hdr(input)
+
+	http-response set-header be2dec-1   "%[var(txn.input),be2dec(:,1)]"
+	http-response set-header be2dec-2   "%[var(txn.input),be2dec(-,3)]"
+	http-response set-header be2dec-3   "%[var(txn.input),be2dec(::,3,1)]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "input:"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.be2dec-1 == ""
+	expect resp.http.be2dec-2 == ""
+	expect resp.http.be2dec-3 == ""
+	txreq -url "/" \
+	  -hdr "input: 0123456789"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.be2dec-1 == "48:49:50:51:52:53:54:55:56:57"
+	expect resp.http.be2dec-2 == "3158322-3355701-3553080-57"
+	expect resp.http.be2dec-3 == "3158322::3355701::3553080"
+	txreq -url "/" \
+	  -hdr "input: abcdefghijklmnopqrstuvwxyz"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.be2dec-1 == "97:98:99:100:101:102:103:104:105:106:107:108:109:110:111:112:113:114:115:116:117:118:119:120:121:122"
+	expect resp.http.be2dec-2 == "6382179-6579558-6776937-6974316-7171695-7369074-7566453-7763832-31098"
+	expect resp.http.be2dec-3 == "6382179::6579558::6776937::6974316::7171695::7369074::7566453::7763832"
+} -run
diff --git a/reg-tests/converter/be2hex.vtc b/reg-tests/converter/be2hex.vtc
new file mode 100644
index 0000000..4cf3dc1
--- /dev/null
+++ b/reg-tests/converter/be2hex.vtc
@@ -0,0 +1,60 @@
+varnishtest "be2hex converter Test"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 3 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.input) req.hdr(input)
+
+	http-response set-header be2hex     "%[var(txn.input),be2hex,lower]"
+	http-response set-header be2hex-1   "%[var(txn.input),be2hex(:,1),lower]"
+	http-response set-header be2hex-2   "%[var(txn.input),be2hex(--,3),lower]"
+	http-response set-header be2hex-3   "%[var(txn.input),be2hex(.,3,1),lower]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "input:"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.be2hex   == ""
+	expect resp.http.be2hex-1 == ""
+	expect resp.http.be2hex-2 == ""
+	expect resp.http.be2hex-3 == ""
+	txreq -url "/" \
+	  -hdr "input: 0123456789"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.be2hex   == "30313233343536373839"
+	expect resp.http.be2hex-1 == "30:31:32:33:34:35:36:37:38:39"
+	expect resp.http.be2hex-2 == "303132--333435--363738--39"
+	expect resp.http.be2hex-3 == "303132.333435.363738"
+	txreq -url "/" \
+	  -hdr "input: abcdefghijklmnopqrstuvwxyz"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.be2hex   == "6162636465666768696a6b6c6d6e6f707172737475767778797a"
+	expect resp.http.be2hex-1 == "61:62:63:64:65:66:67:68:69:6a:6b:6c:6d:6e:6f:70:71:72:73:74:75:76:77:78:79:7a"
+	expect resp.http.be2hex-2 == "616263--646566--676869--6a6b6c--6d6e6f--707172--737475--767778--797a"
+	expect resp.http.be2hex-3 == "616263.646566.676869.6a6b6c.6d6e6f.707172.737475.767778"
+} -run
diff --git a/reg-tests/converter/bytes.vtc b/reg-tests/converter/bytes.vtc
new file mode 100644
index 0000000..8abe401
--- /dev/null
+++ b/reg-tests/converter/bytes.vtc
@@ -0,0 +1,156 @@
+varnishtest "bytes converter Test"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.9-dev4)'"
+
+feature ignore_unknown_macro
+
+# TEST - 1
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 1 -start
+
+haproxy h1 -conf {
+	defaults
+		mode http
+		timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+	frontend fe
+		bind "fd@${fe}"
+
+		#### requests
+		http-request  set-var(txn.input) req.hdr(input)
+
+		http-response set-header bytes_0      "%[var(txn.input),bytes(0)]"
+		http-response set-header bytes_1      "%[var(txn.input),bytes(1)]"
+		http-response set-header bytes_0_3    "%[var(txn.input),bytes(0,3)]"
+		http-response set-header bytes_1_3    "%[var(txn.input),bytes(1,3)]"
+		http-response set-header bytes_99     "%[var(txn.input),bytes(99)]"
+		http-response set-header bytes_5      "%[var(txn.input),bytes(5)]"
+		http-response set-header bytes_6      "%[var(txn.input),bytes(6)]"
+		http-response set-header bytes_0_6    "%[var(txn.input),bytes(0,6)]"
+		http-response set-header bytes_0_7    "%[var(txn.input),bytes(0,7)]"
+
+		http-response set-var(txn.var_start) int(0)
+		http-response set-header bytes_var0    "%[var(txn.input),bytes(txn.var_start)]"
+
+		http-response set-var(txn.var_start) int(1)
+		http-response set-var(txn.var_length) int(3)
+		http-response set-header bytes_var1_var3    "%[var(txn.input),bytes(txn.var_start,txn.var_length)]"
+
+		http-response set-var(txn.var_start) int(99)
+		http-response set-header bytes_var99  "%[var(txn.input),bytes(txn.var_start)]"
+
+		http-response set-var(txn.var_start) int(0)
+		http-response set-var(txn.var_length) int(7)
+		http-response set-header bytes_var0_var7    "%[var(txn.input),bytes(txn.var_start,txn.var_length)]"
+
+		http-response set-var(txn.var_start) int(1)
+		http-response set-var(txn.var_length) int(3)
+		http-response set-header bytes_var1_3   "%[var(txn.input),bytes(txn.var_start,3)]"
+		http-response set-header bytes_1_var3   "%[var(txn.input),bytes(1,txn.var_length)]"
+
+		http-response set-var(txn.var_start) int(-1)
+		http-response set-var(txn.var_length) int(-1)
+		http-response set-header bytes_varminus1        "%[var(txn.input),bytes(txn.var_start)]"
+		http-response set-header bytes_0_varminus1      "%[var(txn.input),bytes(0,txn.var_length)]"
+
+		http-response set-header bytes_varNA    "%[var(txn.input),bytes(txn.NA)]"
+		http-response set-header bytes_1_varNA  "%[var(txn.input),bytes(1,txn.NA)]"
+
+		default_backend be
+
+	backend be
+		server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+		-hdr "input: 012345"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.bytes_0 == "012345"
+	expect resp.http.bytes_1 == "12345"
+	expect resp.http.bytes_0_3 == "012"
+	expect resp.http.bytes_1_3 == "123"
+	expect resp.http.bytes_99 == ""
+	expect resp.http.bytes_5 == "5"
+	expect resp.http.bytes_6 == ""
+	expect resp.http.bytes_0_6 == "012345"
+
+	# since specified length is > input length, response contains the input till the end
+	expect resp.http.bytes_0_7 == "012345"
+
+	expect resp.http.bytes_var0 == "012345"
+	expect resp.http.bytes_var1_var3 == "123"
+	expect resp.http.bytes_var99 == ""
+	expect resp.http.bytes_var0_var7 == "012345"
+	expect resp.http.bytes_var1_3 == "123"
+	expect resp.http.bytes_1_var3 == "123"
+	expect resp.http.bytes_varminus1 == ""
+	expect resp.http.bytes_0_varminus1 == ""
+	expect resp.http.bytes_varNA == ""
+	expect resp.http.bytes_1_varNA == ""
+} -run
+
+# TEST - 2
+# negative starting index causes startup failure
+haproxy h2 -conf {
+	defaults
+		mode http
+		timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+	frontend fe
+		bind "fd@${fe}"
+
+		http-response set-header bytes_output     "%[var(txn.input),bytes(-1)]"
+
+		default_backend be
+
+	backend be
+		server s1 ${s1_addr}:${s1_port}
+} -start -expectexit 1
+
+# TEST - 3
+# negative length causes startup failure
+haproxy h3 -conf {
+	defaults
+		mode http
+		timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+	frontend fe
+		bind "fd@${fe}"
+
+		http-response set-header bytes_output     "%[var(txn.input),bytes(0,-1)]"
+
+		default_backend be
+
+	backend be
+		server s1 ${s1_addr}:${s1_port}
+} -start -expectexit 1
+
+# TEST - 4
+# 0 length causes startup failure
+haproxy h4 -conf {
+	defaults
+		mode http
+		timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+	frontend fe
+		bind "fd@${fe}"
+
+		http-response set-header bytes_output     "%[var(txn.input),bytes(0,0)]"
+
+		default_backend be
+
+	backend be
+		server s1 ${s1_addr}:${s1_port}
+} -start -expectexit 1
diff --git a/reg-tests/converter/digest.vtc b/reg-tests/converter/digest.vtc
new file mode 100644
index 0000000..e911ff4
--- /dev/null
+++ b/reg-tests/converter/digest.vtc
@@ -0,0 +1,57 @@
+varnishtest "digest converter Test"
+
+#REQUIRE_VERSION=2.2
+#REQUIRE_OPTION=OPENSSL
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash)
+
+	http-response set-header SHA1   "%[var(txn.hash),digest(sha1),hex,lower]"
+	http-response set-header SHA224   "%[var(txn.hash),digest(sha224),hex,lower]"
+	http-response set-header SHA256   "%[var(txn.hash),digest(sha256),hex,lower]"
+	http-response set-header SHA384   "%[var(txn.hash),digest(sha384),hex,lower]"
+	http-response set-header SHA512   "%[var(txn.hash),digest(sha512),hex,lower]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Hash: 1"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1 == "356a192b7913b04c54574d18c28d46e6395428ab"
+	expect resp.http.sha224 == "e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178"
+	expect resp.http.sha256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
+	expect resp.http.sha384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
+	expect resp.http.sha512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
+	txreq -url "/" \
+	  -hdr "Hash: 2"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1 == "da4b9237bacccdf19c0760cab7aec4a8359010b0"
+	expect resp.http.sha224 == "58b2aaa0bfae7acc021b3260e941117b529b2e69de878fd7d45c61a9"
+	expect resp.http.sha256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
+	expect resp.http.sha384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
+	expect resp.http.sha512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
+} -run
diff --git a/reg-tests/converter/field.vtc b/reg-tests/converter/field.vtc
new file mode 100644
index 0000000..3b1d819
--- /dev/null
+++ b/reg-tests/converter/field.vtc
@@ -0,0 +1,43 @@
+varnishtest "field converter Test"
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 3 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request set-var(txn.uri) path
+	http-response set-header Found %[var(txn.uri),field(3,/)] if { var(txn.uri),field(3,/) -m found }
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/foo/bar/baz"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "bar"
+	txreq -url "/foo//bar/baz"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == ""
+	txreq -url "/foo"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "<undef>"
+} -run
diff --git a/reg-tests/converter/fix.vtc b/reg-tests/converter/fix.vtc
new file mode 100644
index 0000000..8206da3
--- /dev/null
+++ b/reg-tests/converter/fix.vtc
@@ -0,0 +1,235 @@
+varnishtest "fix converters Test"
+#REQUIRE_VERSION=2.4
+
+feature ignore_unknown_macro
+
+server s1 {
+    # Valid FIX-4.0 logon
+    recv 92
+    # 8=FIX|4.0|9=66|35=A|34=1|49=EXECUTOR|52=20201029-10:54:19|56=CLIENT1|98=0|108=30|10=147|
+    sendhex "383d4649582e342e3001393d36360133353d410133343d310134393d4558454355544f520135323d32303230313032392d31303a35343a31390135363d434c49454e54310139383d30013130383d33300131303d31343701"
+    close
+
+    # Valid FIX-4.1 logon
+    accept
+    recv 98
+    # 8=FIX.4.1|9=72|35=A|34=1|49=EXECUTOR|52=20201029-12:43:07|56=CLIENT1|98=0|108=30|141=Y|10=187|
+    sendhex "383d4649582e342e3101393d37320133353d410133343d310134393d4558454355544f520135323d32303230313032392d31323a34333a30370135363d434c49454e54310139383d30013130383d3330013134313d590131303d31383701"
+    close
+
+    # Valid FIX-4.2 logon
+    accept
+    recv 98
+    # 8=FIX.4.2|9=79|35=A|34=1|49=EXECUTOR|52=20201029-12:55:12.101414|56=CLIENT1|98=0|108=30|141=Y|10=027|
+    sendhex "383d4649582e342e3201393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31323a35353a31322e3130313431340135363d434c49454e54310139383d30013130383d3330013134313d590131303d30323701"
+    close
+
+    # Valid FIX-4.3 logon
+    accept
+    recv 125
+    # 8=FIX.4.3|9=79|35=A|34=1|49=EXECUTOR|52=20201029-12:58:50.891371|56=CLIENT1|98=0|108=30|141=Y|10=051|
+    sendhex "383d4649582e342e3301393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31323a35383a35302e3839313337310135363d434c49454e54310139383d30013130383d3330013134313d590131303d30353101"
+    close
+
+    # Valid FIX-4.4 logon
+    accept
+    recv 125
+    # 8=FIX.4.4|9=79|35=A|34=1|49=EXECUTOR|52=20201029-13:02:44.535360|56=CLIENT1|98=0|108=30|141=Y|10=038|
+    sendhex "383d4649582e342e3401393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31333a30323a34342e3533353336300135363d434c49454e54310139383d30013130383d3330013134313d590131303d30333801"
+    close
+
+    # Valid FIX-5.0 logon
+    accept
+    recv 140
+    # 8=FIXT.1.1|9=86|35=A|34=1|49=EXECUTOR|52=20201029-13:13:22.626384|56=CLIENT1|98=0|108=30|141=Y|1137=7|10=184|
+    sendhex "383d464958542e312e3101393d38360133353d410133343d310134393d4558454355544f520135323d32303230313032392d31333a31333a32322e3632363338340135363d434c49454e54310139383d30013130383d3330013134313d5901313133373d370131303d31383401"
+} -start
+
+server s2 {
+    # Valid FIX-4.4 logon
+    recv 125
+    # 8=FIX.4.4|9=79|35=A|34=1|49=EXECUTOR|52=20201029-13:02:44.535360|56=CLIENT1|98=0|108=30|141=Y|10=038|
+    sendhex "383d4649582e342e3401393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31333a30323a34342e3533353336300135363d434c49454e54310139383d30013130383d3330013134313d590131303d30333801"
+
+} -start
+
+haproxy h1 -conf {
+    defaults
+        mode tcp
+        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe1
+        bind "fd@${fe1}"
+        tcp-request inspect-delay 1s
+        tcp-request content reject unless { req.payload(0,0),fix_is_valid }
+        default_backend be1
+
+    frontend fe2
+        bind "fd@${fe2}"
+        tcp-request inspect-delay 1s
+        tcp-request content reject unless { req.payload(0,0),fix_is_valid }
+        tcp-request content set-var(req.fix_vsn)    req.payload(0,0),fix_tag_value(BeginString)
+        tcp-request content set-var(req.fix_len)    req.payload(0,0),fix_tag_value(BodyLength)
+        tcp-request content set-var(req.fix_type)   req.payload(0,0),fix_tag_value(MsgType)
+        tcp-request content set-var(req.fix_sender) req.payload(0,0),fix_tag_value(SenderCompID)
+        tcp-request content set-var(req.fix_target) req.payload(0,0),fix_tag_value(TargetCompID)
+        tcp-request content set-var(req.fix_chksum) req.payload(0,0),fix_tag_value(CheckSum)
+        tcp-request content reject if ! { var(req.fix_vsn) -m str "FIX.4.4" }     || ! { var(req.fix_len) -m str "102" }
+        tcp-request content reject if ! { var(req.fix_type) -m str "A" }          || ! { var(req.fix_sender) -m str "CLIENT1" }
+        tcp-request content reject if ! { var(req.fix_target) -m str "EXECUTOR" } || ! { var(req.fix_chksum) -m str "252" }
+        default_backend be2
+
+    backend be1
+        server s1 ${s1_addr}:${s1_port}
+        tcp-response inspect-delay 1s
+        tcp-response content reject unless { res.payload(0,0),fix_is_valid }
+
+    backend be2
+        server s2 ${s2_addr}:${s2_port}
+        tcp-response inspect-delay 1s
+        tcp-response content reject unless { res.payload(0,0),fix_is_valid }
+        tcp-response content set-var(res.fix_vsn)    res.payload(0,0),fix_tag_value(8)
+        tcp-response content set-var(res.fix_len)    res.payload(0,0),fix_tag_value(9)
+        tcp-response content set-var(res.fix_type)   res.payload(0,0),fix_tag_value(35)
+        tcp-response content set-var(res.fix_sender) res.payload(0,0),fix_tag_value(49)
+        tcp-response content set-var(res.fix_target) res.payload(0,0),fix_tag_value(56)
+        tcp-response content set-var(res.fix_chksum) res.payload(0,0),fix_tag_value(10)
+        tcp-response content reject if ! { var(res.fix_vsn) -m str "FIX.4.4" }    || ! { var(res.fix_len) -m str "79" }
+        tcp-response content reject if ! { var(res.fix_type) -m str "A" }         || ! { var(res.fix_sender) -m str "EXECUTOR" }
+        tcp-response content reject if ! { var(res.fix_target) -m str "CLIENT1" } || ! { var(res.fix_chksum) -m str "038" }
+} -start
+
+client c1_4_0 -connect ${h1_fe1_sock} {
+    # Valid FIX-4.0 logon
+    # 8=FIX|4.0|9=70|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-10:54:19.617|98=0|108=30|10=090|
+    sendhex "383d4649582e342e3001393d37300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31303a35343a31392e3631370139383d30013130383d33300131303d30393001"
+    recv 88
+    expect_close
+} -run
+
+client c1_4_1 -connect ${h1_fe1_sock} {
+    # Valid FIX-4.1 logon
+    # 8=FIX.4.1|9=76|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-12:43:07.940|98=0|108=30|141=Y|10=138|
+    sendhex "383d4649582e342e3101393d37360133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31323a34333a30372e3934300139383d30013130383d3330013134313d590131303d31333801"
+    recv 94
+    expect_close
+} -run
+
+client c1_4_2 -connect ${h1_fe1_sock} {
+    # Valid FIX-4.2 logon
+    # 8=FIX.4.2|9=76|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-12:55:12.100|98=0|108=30|141=Y|10=126|
+    sendhex "383d4649582e342e3201393d37360133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31323a35353a31322e3130300139383d30013130383d3330013134313d590131303d31323601"
+    recv 101
+    expect_close
+} -run
+
+client c1_4_3 -connect ${h1_fe1_sock} {
+    # Valid FIX-4.3 logon
+    # 8=FIX.4.3|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-12:58:50.889|98=0|108=30|141=Y|553=Username|554=Password|10=012|
+    sendhex "383d4649582e342e3301393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31323a35383a35302e3838390139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d30313201"
+    recv 101
+    expect_close
+} -run
+
+client c1_4_4 -connect ${h1_fe1_sock} {
+    # Valid FIX-4.4 logon
+    # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    recv 101
+    expect_close
+} -run
+
+client c1_5_0 -connect ${h1_fe1_sock} {
+    # Valid FIX-5.0 logon
+    # 8=FIXT.1.1|9=116|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:13:22.624|1128=7|98=0|108=30|141=Y|553=Username|554=Password|1137=7|10=204|
+    sendhex "383d464958542e312e3101393d3131360133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a31333a32322e36323401313132383d370139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f726401313133373d370131303d32303401"
+    recv 109
+    expect_close
+} -run
+
+client c2_1 -connect ${h1_fe1_sock} {
+    # InValid FIX-4.4: Empty TagName (missing EncryptMethod <98> tag name)
+    # 8=FIX.4.4|9=100|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e353238013d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_2 -connect ${h1_fe1_sock} {
+    # InValid FIX-4.4: Empty TagValue (missing EncryptMethod <98> tag value)
+    # 8=FIX.4.4|9=101|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130310133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_3 -connect ${h1_fe1_sock} {
+    # InValid FIX-4.4: Empty Tag no delimiter (missing delimiter for EncryptMethod <98> tag)
+    # 8=FIX.4.4|9=101|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e353238013938013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_4 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: First tag != BeginString
+    # 9=102|8=FIX.4.4|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "393d31303201383d4649582e342e340133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_5 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: Second tag != BodyLength
+    # 8=FIX.4.4|35=A|9=102|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e340133353d4101393d3130320134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_6 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: Third tag != MsgType
+    # 8=FIX.4.4|9=102|49=CLIENT1|35=A|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130320134393d434c49454e54310133353d410135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_7 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: Bad body length (too short 100 != 102)
+    # 8=FIX.4.4|9=100|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    expect_close
+} -run
+
+client c2_8 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: Bad body length (too long 105 != 102)
+    # 8=FIX.4.4|9=105|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|XXX
+    sendhex "383d4649582e342e3401393d3130350133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201585858"
+    expect_close
+} -run
+
+client c2_9 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: Too short checksum value (< 3 digit)
+    # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=25|
+    sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d323501"
+    expect_close
+} -run
+
+client c2_10 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: Too long checksum value (> 3 digit)
+    # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=2520|
+    sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d3235323001"
+    expect_close
+} -run
+
+client c2_11 -connect ${h1_fe1_sock} {
+    # Invalid FIX-4.4: invalid checksum value (253 != 252)
+    # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=253|
+    sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353301"
+    expect_close
+} -run
+
+
+client c3_1 -connect ${h1_fe2_sock} {
+    # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|
+    sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201"
+    recv 101
+    expect_close
+} -run
diff --git a/reg-tests/converter/hmac.vtc b/reg-tests/converter/hmac.vtc
new file mode 100644
index 0000000..230a44d
--- /dev/null
+++ b/reg-tests/converter/hmac.vtc
@@ -0,0 +1,55 @@
+varnishtest "HMAC converter Test"
+
+#REQUIRE_VERSION=2.2
+#REQUIRE_OPTION=OPENSSL
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash)
+	http-request  set-var(txn.key) str(my_super_secret_long_key),base64
+
+	http-response set-header SHA1-short   "%[var(txn.hash),hmac(sha1,a2V5),hex,lower]"
+	http-response set-header SHA1-long   "%[var(txn.hash),hmac(sha1,txn.key),hex,lower]"
+	http-response set-header SHA256-short   "%[var(txn.hash),hmac(sha256,a2V5),hex,lower]"
+	http-response set-header SHA256-long   "%[var(txn.hash),hmac(sha256,txn.key),hex,lower]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Hash: 1"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1-short == "e23feb105f9622241bf23db1638cd2b4208b1f53"
+	expect resp.http.sha1-long == "87b10ddcf39e26f6bd7c3b0e38e0125997b255be"
+	expect resp.http.sha256-short == "6da91fb91517be1f5cdcf3af91d7d40c717dd638a306157606fb2e584f7ae926"
+	expect resp.http.sha256-long == "2fb3de6a462c54d1803f946b52202f3a8cd46548ffb3f789b4ac11a4361ffef2"
+	txreq -url "/" \
+	  -hdr "Hash: 2"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha1-short == "311219c4a80c5ef81b1cee5505236c1d0ab1922c"
+	expect resp.http.sha1-long == "c5758af565ba4b87b3db49c8b32d4a94d430cb78"
+	expect resp.http.sha256-short == "ae7b3ee87b8c9214f714df1c2042c7a985b9d711e9938a063937ad1636775a88"
+	expect resp.http.sha256-long == "c073191a2ebf29f510444b92c187d62199d84b58f58dceeadb91994c170a9a16"
+} -run
diff --git a/reg-tests/converter/iif.vtc b/reg-tests/converter/iif.vtc
new file mode 100644
index 0000000..f412daf
--- /dev/null
+++ b/reg-tests/converter/iif.vtc
@@ -0,0 +1,46 @@
+varnishtest "iif converter Test"
+#REQUIRE_VERSION=2.3
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 3 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request set-var(txn.iif) req.hdr_cnt(count),iif(ok,ko)
+	http-response set-header iif %[var(txn.iif)]
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq
+	rxresp
+	expect resp.status == 200
+	expect resp.http.iif == "ko"
+	txreq \
+		-hdr "count: 1"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.iif == "ok"
+	txreq \
+		-hdr "count: 1,2"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.iif == "ok"
+} -run
diff --git a/reg-tests/converter/json.vtc b/reg-tests/converter/json.vtc
new file mode 100644
index 0000000..1f37c9f
--- /dev/null
+++ b/reg-tests/converter/json.vtc
@@ -0,0 +1,40 @@
+varnishtest "json converter test"
+
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	http-response set-header json0 "%[str(foo 1/2),json]"
+	# bad UTF-8 sequence
+	http-response set-header json1 "%[str(\xE0),json(utf8)]"
+	# bad UTF-8 sequence, but removes them
+	http-response set-header json2 "%[str(-\xE0-),json(utf8s)]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/"
+	rxresp
+	expect resp.http.json0 == "foo 1\\/2"
+	expect resp.http.json1 == ""
+	expect resp.http.json2 == "--"
+	expect resp.status == 200
+} -run
diff --git a/reg-tests/converter/json_query.vtc b/reg-tests/converter/json_query.vtc
new file mode 100644
index 0000000..f4e3bb2
--- /dev/null
+++ b/reg-tests/converter/json_query.vtc
@@ -0,0 +1,107 @@
+varnishtest "JSON Query converters Test"
+#REQUIRE_VERSION=2.4
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 8 -start
+
+haproxy h1 -conf {
+    global
+        # WT: limit false-positives causing "HTTP header incomplete" due to
+        # idle server connections being randomly used and randomly expiring
+        # under us.
+        tune.idle-pool.shared off
+
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+	option http-buffer-request
+
+    frontend fe
+	bind "fd@${fe}"
+	tcp-request inspect-delay 1s
+
+	http-request set-var(sess.header_json) req.hdr(Authorization),json_query('$.iss')
+	http-request set-var(sess.pay_json) req.body,json_query('$.iss')
+	http-request set-var(sess.pay_int) req.body,json_query('$.integer',"int"),add(1)
+	http-request set-var(sess.pay_neg_int) req.body,json_query('$.negativ-integer',"int"),add(1)
+	http-request set-var(sess.pay_double) req.body,json_query('$.double')
+	http-request set-var(sess.pay_boolean_true) req.body,json_query('$.boolean-true')
+	http-request set-var(sess.pay_boolean_false) req.body,json_query('$.boolean-false')
+	http-request set-var(sess.pay_mykey) req.body,json_query('$.my\\.key')
+
+	http-response set-header x-var_header %[var(sess.header_json)]
+	http-response set-header x-var_body %[var(sess.pay_json)]
+	http-response set-header x-var_body_int %[var(sess.pay_int)]
+	http-response set-header x-var_body_neg_int %[var(sess.pay_neg_int)]
+	http-response set-header x-var_body_double %[var(sess.pay_double)]
+	http-response set-header x-var_body_boolean_true %[var(sess.pay_boolean_true)]
+	http-response set-header x-var_body_boolean_false %[var(sess.pay_boolean_false)]
+	http-response set-header x-var_body_mykey %[var(sess.pay_mykey)]
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Authorization: {\"iss\":\"kubernetes.io/serviceaccount\"}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_header ~ "kubernetes.io/serviceaccount"
+
+	txreq -url "/" \
+	  -body "{\"iss\":\"kubernetes.io/serviceaccount\"}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body ~ "kubernetes.io/serviceaccount"
+
+	txreq -url "/" \
+	  -body "{\"integer\":4}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body_int ~ "5"
+
+	txreq -url "/" \
+	  -body "{\"integer\":-4}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body_int ~ "-3"
+
+	txreq -url "/" \
+	  -body "{\"double\":4.5}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body_double ~ "4.5"
+
+	txreq -url "/" \
+	  -body "{\"boolean-true\":true}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body_boolean_true == 1
+
+	txreq -url "/" \
+	  -body "{\"boolean-false\":false}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body_boolean_false == 0
+
+	txreq -url "/" \
+	  -body "{\"my.key\":\"myvalue\"}"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.x-var_body_mykey ~ "myvalue"
+
+	txreq -url "/" \
+	 -body "{\"my.key\":[\"val1\",\"val2\",\"val3\"],\"key2\":\"val4\"}"
+	expect resp.status == 200
+	expect resp.http.x-var_body_mykey ~ "[\"val1\",\"val2\",\"val3\"]"
+
+} -run
diff --git a/reg-tests/converter/mqtt.vtc b/reg-tests/converter/mqtt.vtc
new file mode 100644
index 0000000..fc3daca
--- /dev/null
+++ b/reg-tests/converter/mqtt.vtc
@@ -0,0 +1,238 @@
+varnishtest "mqtt converters Test"
+#REQUIRE_VERSION=2.4
+
+feature ignore_unknown_macro
+
+server s1 {
+    # MQTT 3.1.1 CONNECT packet (id: test_subaaaaaa... [len = 200])
+    recv 215
+    sendhex "20020000"
+    close
+
+    # MQTT 3.1.1 CONNECT packet (id: <empty> - username: test - passwd: passwd)
+    accept
+    recv 28
+    sendhex "20020000"
+    close
+
+    # MQTT 3.1.1 CONNECT packet (id: test_sub - username: test - passwd: passwd - will_topic: willtopic - will_payload: willpayload)
+    accept
+    recv 60
+    sendhex "20020000"
+    close
+
+    # MQTT 5.0 CONNECT packet (id: test_sub)
+    accept
+    recv 26
+    sendhex "200600000322000a"
+
+    # MQTT 5.0 CONNECT packet (id: test_sub - username: test - passwd: passwd)
+    accept
+    recv 40
+    sendhex "200600000322000a"
+
+    # MQTT 5.0 complex CONNECT/CONNACK packet
+    accept
+    recv 128
+    sendhex "20250000221100000078217fff24012501270000ffff22000a2600016100016226000163000164"
+    close
+
+    # Invalid MQTT 3.1.1 CONNACK packet with invalid flags (!= 0x00)
+    accept
+    recv 22
+    sendhex "21020000"
+    expect_close
+
+    # MQTT 3.1 CONNECT packet (id: test_sub - username: test - passwd: passwd)
+    accept
+    recv 38
+    sendhex "20020000"
+} -start
+
+server s2 {
+    # MQTT 5.0 complex CONNECT packet
+    recv 128
+    sendhex "20250000221100000078217fff24012501270000ffff22000a2600016100016226000163000164"
+} -start
+
+haproxy h1 -conf {
+    defaults
+        mode tcp
+        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe1
+        bind "fd@${fe1}"
+        tcp-request inspect-delay 1s
+        tcp-request content reject unless { req.payload(0,0),mqtt_is_valid }
+        default_backend be1
+
+    frontend fe2
+        bind "fd@${fe2}"
+        tcp-request inspect-delay 1s
+        tcp-request content reject unless { req.payload(0,0),mqtt_is_valid }
+        tcp-request content set-var(req.flags)        req.payload(0,0),mqtt_field_value(connect,flags)
+        tcp-request content set-var(req.protoname)    req.payload(0,0),mqtt_field_value(connect,protocol_name)
+        tcp-request content set-var(req.protovsn)     req.payload(0,0),mqtt_field_value(connect,protocol_version)
+        tcp-request content set-var(req.clientid)     req.payload(0,0),mqtt_field_value(connect,client_identifier)
+        tcp-request content set-var(req.willtopic)    req.payload(0,0),mqtt_field_value(connect,will_topic)
+        tcp-request content set-var(req.willbody)     req.payload(0,0),mqtt_field_value(connect,will_payload)
+        tcp-request content set-var(req.user)         req.payload(0,0),mqtt_field_value(connect,username)
+        tcp-request content set-var(req.pass)         req.payload(0,0),mqtt_field_value(connect,password)
+        tcp-request content set-var(req.maxpktsz)     req.payload(0,0),mqtt_field_value(connect,39)
+        tcp-request content set-var(req.reqpbinfo)    req.payload(0,0),mqtt_field_value(connect,23)
+        tcp-request content set-var(req.ctype)        req.payload(0,0),mqtt_field_value(connect,3)
+        tcp-request content set-var(req.willrsptopic) req.payload(0,0),mqtt_field_value(connect,8)
+        tcp-request content reject if ! { var(req.protoname) -m str "MQTT" }      || ! { var(req.protovsn) -m str "5" }
+        tcp-request content reject if ! { var(req.flags) -m str "238" }           || ! { var(req.clientid) -m str "test_sub" }
+        tcp-request content reject if ! { var(req.user) -m str "test" }           || ! { var(req.pass) -m str "passwd" }
+        tcp-request content reject if ! { var(req.willtopic) -m str "willtopic" } || ! { var(req.willbody) -m str "willpayload" }
+        tcp-request content reject if ! { var(req.maxpktsz) -m str "20" }         || ! { var(req.reqpbinfo) -m str "1" }
+        tcp-request content reject if ! { var(req.ctype) -m str "text/plain" }    || ! { var(req.willrsptopic) -m str "willrsptopic" }
+        default_backend be2
+
+    backend be1
+        server s1 ${s1_addr}:${s1_port}
+        tcp-response inspect-delay 1s
+        tcp-response content reject unless { res.payload(0,0),mqtt_is_valid }
+
+    backend be2
+        server s2 ${s2_addr}:${s2_port}
+        tcp-response inspect-delay 1s
+        tcp-response content reject unless { res.payload(0,0),mqtt_is_valid }
+        tcp-response content set-var(res.flags)         res.payload(0,0),mqtt_field_value(connack,flags)
+        tcp-response content set-var(res.protovsn)      res.payload(0,0),mqtt_field_value(connack,protocol_version)
+        tcp-response content set-var(res.rcode)         res.payload(0,0),mqtt_field_value(connack,reason_code)
+        tcp-response content set-var(res.sessexpint)    res.payload(0,0),mqtt_field_value(connack,17)
+        tcp-response content set-var(res.recvmax)       res.payload(0,0),mqtt_field_value(connack,33)
+        tcp-response content set-var(res.maxqos)        res.payload(0,0),mqtt_field_value(connack,36)
+        tcp-response content set-var(res.retainavail)   res.payload(0,0),mqtt_field_value(connack,37)
+        tcp-response content set-var(res.maxpktsz)      res.payload(0,0),mqtt_field_value(connack,39)
+        tcp-response content set-var(res.topicaliasmax) res.payload(0,0),mqtt_field_value(connack,34)
+        tcp-response content reject if ! { var(res.protovsn) -m str "5" }    || ! { var(res.flags) -m str "0" }
+        tcp-response content reject if ! { var(res.rcode) -m str "0" }       || ! { var(res.sessexpint) -m str "120" }
+        tcp-response content reject if ! { var(res.recvmax) -m str "32767" } || ! { var(res.maxqos) -m str "1" }
+        tcp-response content reject if ! { var(res.retainavail) -m str "1" } || ! { var(res.maxpktsz) -m str "65535" }
+        tcp-response content reject if ! { var(res.topicaliasmax) -m str "10" }
+} -start
+
+client c1_311_1 -connect ${h1_fe1_sock} {
+    # Valid MQTT 3.1.1 CONNECT packet (id: test_sub)
+    sendhex "10d40100044d5154540402003c00c8746573745f737562616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161"
+    recv 4
+    expect_close
+} -run
+
+client c1_311_2 -connect ${h1_fe1_sock} {
+    # Valid MQTT 3.1.1 CONNECT packet (id: <empty> - username: test - passwd: passwd)
+    sendhex "101a00044d51545404c2003c00000004746573740006706173737764"
+    recv 4
+    expect_close
+} -run
+
+client c1_311_3 -connect ${h1_fe1_sock} {
+    # Valid MQTT 3.1.1 CONNECT packet (id: test_sub - username: test - passwd: passwd - will_topic: willtopic - will_payload: willpayload)
+    sendhex "103a00044d51545404ee003c0008746573745f737562000977696c6c746f706963000b77696c6c7061796c6f61640004746573740006706173737764"
+    recv 4
+    expect_close
+} -run
+
+client c1_50_1 -connect ${h1_fe1_sock} {
+    # Valid MQTT 5.0 CONNECT packet (id: test_sub)
+    sendhex "101800044d5154540502003c032100140008746573745f737562"
+    recv 8
+    expect_close
+} -run
+
+client c1_50_2 -connect ${h1_fe1_sock} {
+    # Valid MQTT 5.0 CONNECT packet (id: test_sub - username: test - passwd: passwd)
+    sendhex "102600044d51545405c2003c032100140008746573745f7375620004746573740006706173737764"
+    recv 8
+    expect_close
+} -run
+
+client c1_50_3 -connect ${h1_fe1_sock} {
+    # Valid MQTT 5.0 complex CONNECT/CONNACK packet
+    sendhex "107e00044d51545405ee003c182700000014170126000161000162260001630001642100140008746573745f7375622a03000a746578742f706c61696e08000c77696c6c727370746f7069632600016500016626000167000168000977696c6c746f706963000b77696c6c7061796c6f61640004746573740006706173737764"
+    recv 39
+    expect_close
+} -run
+
+client c2_311_1 -connect ${h1_fe1_sock} {
+    # Invalid MQTT 3.1.1 PINREQ
+    sendhex "d000"
+    expect_close
+} -run
+
+client c2_311_2 -connect ${h1_fe1_sock} {
+    # Invalid MQTT 3.1.1 CONNECT packet with invalid flags (!= 0x00)
+    sendhex "111400044d5154540402003c0008746573745f737562"
+    expect_close
+} -run
+
+client c2_311_3 -connect ${h1_fe1_sock} {
+    # Invalid MQTT 3.1.1 CONNACK packet with invalid flags (!= 0x00)
+    sendhex "101400044d5154540402003c0008746573745f737562"
+    expect_close
+} -run
+
+client c2_311_4 -connect ${h1_fe1_sock} {
+    # Invalid MQTT 3.1.1 CONNECT with too long remaing_length ( > 4 bytes)
+    sendhex "10ffffffff1400044d5154540402003c0008746573745f737562"
+    expect_close
+} -run
+
+client c2_311_4 -connect ${h1_fe1_sock} {
+    # Invalid MQTT 3.1.1 CONNECT with not matching ( 0x13 != 0x14)
+    sendhex "101300044d5154540402003c000874657374a5f737562"
+    expect_close
+} -run
+
+client c2_311_4 -connect ${h1_fe1_sock} {
+    # Invalid MQTT 3.1.1 CONNECT with not matching ( 0x18 != 0x14)
+    sendhex "101800044d5154540402003c000874657374a5f737562ffffffff"
+    expect_close
+} -run
+
+
+client c2_50_1 -connect ${h1_fe2_sock} {
+    # complex MQTT 5.0 CONNECT/CONNACK packet
+    #  - CONNECT :
+    #     client-id   : test_sub
+    #     username    : test
+    #     password    : passwd
+    #     will-topic  : willtopic
+    #     will-payload: willpayload
+    #     connect props:
+    #         maximum-packet-size        : 20
+    #         request-problem-information: 1
+    #         user-property              : name=a value=b
+    #         user-property              : name=c value=d
+    #     will props:
+    #         content-type  : text/plain
+    #         response-topic: willrsptopic
+    #         user-property : name=e value=f
+    #         user-property : name=g value=h
+    #  - CONNACK :
+    #    flags      : 0x00
+    #    reason-code: 0x00
+    #    connack props:
+    #         session-Expiry-interval: 120
+    #         receive-maximum        : 32767
+    #         maximum-qos            : 1
+    #         retain-available       : 1
+    #         maximum-packet-size    : 65535
+    #         topic-alias-maximum    : 10
+    #         user-property          : name=a value=b
+    #         user-property          : name=c value=d
+    sendhex "107e00044d51545405ee003c182700000014170126000161000162260001630001642100140008746573745f7375622a03000a746578742f706c61696e08000c77696c6c727370746f7069632600016500016626000167000168000977696c6c746f706963000b77696c6c7061796c6f61640004746573740006706173737764"
+    recv 39
+    expect_close
+} -run
+
+client c3_31_1 -connect ${h1_fe1_sock} {
+    # Valid MQTT 3.1 CONNECT packet (id: test_sub - username: test - passwd: passwd)
+    sendhex "102400064d514973647003c200000008746573745f7375620004746573740006706173737764"
+    recv 4
+} -run
\ No newline at end of file
diff --git a/reg-tests/converter/param.vtc b/reg-tests/converter/param.vtc
new file mode 100644
index 0000000..1633603
--- /dev/null
+++ b/reg-tests/converter/param.vtc
@@ -0,0 +1,80 @@
+varnishtest "param converter Test"
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 10 -start
+
+haproxy h1 -conf {
+	defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+	frontend fe
+	bind "fd@${fe}"
+
+	### requests
+	http-request set-var(txn.query) query
+	http-response set-header Found %[var(txn.query),param(test)] if { var(txn.query),param(test) -m found }
+
+	default_backend be
+
+	backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/foo/?test=1&b=4&d"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "1"
+
+	txreq -url "/?a=1&b=4&test=34"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "34"
+
+	txreq -url "/?test=bar"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "bar"
+
+	txreq -url "/?a=b&c=d"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "<undef>"
+
+	txreq -url "/?a=b&test=t&c=d"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "t"
+
+	txreq -url "/?a=b&test&c=d"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == ""
+
+	txreq -url "/?test="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == ""
+
+    txreq -url "/?a=b&test"
+    rxresp
+    expect resp.status == 200
+    expect resp.http.found == ""
+
+    txreq -url "/?testing=123"
+    rxresp
+    expect resp.status == 200
+    expect resp.http.found == "<undef>"
+
+    txreq -url "/?testing=123&test=4"
+    rxresp
+    expect resp.status == 200
+    expect resp.http.found == "4"
+} -run
diff --git a/reg-tests/converter/secure_memcmp.vtc b/reg-tests/converter/secure_memcmp.vtc
new file mode 100644
index 0000000..6ff74e6
--- /dev/null
+++ b/reg-tests/converter/secure_memcmp.vtc
@@ -0,0 +1,143 @@
+varnishtest "secure_memcmp converter Test"
+
+#REQUIRE_VERSION=2.2
+#REQUIRE_OPTION=OPENSSL
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 4 -start
+
+server s2 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 7 -start
+
+haproxy h1 -conf {
+    global
+        # WT: limit false-positives causing "HTTP header incomplete" due to
+        # idle server connections being randomly used and randomly expiring
+        # under us.
+        tune.idle-pool.shared off
+
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	# This frontend matches two base64 encoded values and does not need to
+	# handle null bytes.
+
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash)
+	http-request  set-var(txn.raw) req.hdr(raw)
+
+	acl is_match var(txn.raw),sha1,base64,secure_memcmp(txn.hash)
+
+	http-response set-header Match true  if  is_match
+	http-response set-header Match false if !is_match
+
+	default_backend be
+
+    frontend fe2
+	# This frontend matches two binary values, needing to handle null
+	# bytes.
+	bind "fd@${fe2}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash),b64dec
+	http-request  set-var(txn.raw) req.hdr(raw)
+
+	acl is_match var(txn.raw),sha1,secure_memcmp(txn.hash)
+
+	http-response set-header Match true  if  is_match
+	http-response set-header Match false if !is_match
+
+	default_backend be2
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+
+    backend be2
+	server s2 ${s2_addr}:${s2_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Raw: 1" \
+	  -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "true"
+	txreq -url "/" \
+	  -hdr "Raw: 2" \
+	  -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "true"
+	txreq -url "/" \
+	  -hdr "Raw: 2" \
+	  -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "false"
+	txreq -url "/" \
+	  -hdr "Raw: 3" \
+	  -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "false"
+} -run
+
+client c2 -connect ${h1_fe2_sock} {
+	txreq -url "/" \
+	  -hdr "Raw: 1" \
+	  -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "true"
+	txreq -url "/" \
+	  -hdr "Raw: 2" \
+	  -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "true"
+	txreq -url "/" \
+	  -hdr "Raw: 2" \
+	  -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "false"
+	txreq -url "/" \
+	  -hdr "Raw: 3" \
+	  -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "false"
+
+	# Test for values with leading nullbytes.
+	txreq -url "/" \
+	  -hdr "Raw: 6132845" \
+	  -hdr "Hash: AAAAVaeL9nNcSok1j6sd40EEw8s="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "true"
+	txreq -url "/" \
+	  -hdr "Raw: 49177200" \
+	  -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "true"
+	txreq -url "/" \
+	  -hdr "Raw: 6132845" \
+	  -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc="
+	rxresp
+	expect resp.status == 200
+	expect resp.http.match == "false"
+} -run
diff --git a/reg-tests/converter/sha2.vtc b/reg-tests/converter/sha2.vtc
new file mode 100644
index 0000000..e90e274
--- /dev/null
+++ b/reg-tests/converter/sha2.vtc
@@ -0,0 +1,57 @@
+varnishtest "sha2 converter Test"
+
+#REQUIRE_VERSION=2.1
+#REQUIRE_OPTION=OPENSSL
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request  set-var(txn.hash) req.hdr(hash)
+
+	http-response set-header SHA2   "%[var(txn.hash),sha2,hex,lower]"
+	http-response set-header SHA2-224   "%[var(txn.hash),sha2(224),hex,lower]"
+	http-response set-header SHA2-256   "%[var(txn.hash),sha2(256),hex,lower]"
+	http-response set-header SHA2-384   "%[var(txn.hash),sha2(384),hex,lower]"
+	http-response set-header SHA2-512   "%[var(txn.hash),sha2(512),hex,lower]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/" \
+	  -hdr "Hash: 1"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha2 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
+	expect resp.http.sha2-224 == "e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178"
+	expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
+	expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776"
+	expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a"
+	txreq -url "/" \
+	  -hdr "Hash: 2"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.sha2 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
+	expect resp.http.sha2-224 == "58b2aaa0bfae7acc021b3260e941117b529b2e69de878fd7d45c61a9"
+	expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35"
+	expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e"
+	expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114"
+} -run
diff --git a/reg-tests/converter/url_dec.vtc b/reg-tests/converter/url_dec.vtc
new file mode 100644
index 0000000..d5e317b
--- /dev/null
+++ b/reg-tests/converter/url_dec.vtc
@@ -0,0 +1,37 @@
+varnishtest "url_dec converter Test"
+
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	http-request  set-var(txn.url) url
+	http-response set-header url_dec0 "%[var(txn.url),url_dec]"
+	http-response set-header url_dec1 "%[var(txn.url),url_dec(1)]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/bla+%20?foo%3Dbar%2B42+42%20"
+	rxresp
+	expect resp.http.url_dec0 == "/bla+ ?foo=bar+42 42 "
+	expect resp.http.url_dec1 == "/bla  ?foo=bar+42 42 "
+	expect resp.status == 200
+} -run
diff --git a/reg-tests/converter/url_enc.vtc b/reg-tests/converter/url_enc.vtc
new file mode 100644
index 0000000..74acac8
--- /dev/null
+++ b/reg-tests/converter/url_enc.vtc
@@ -0,0 +1,43 @@
+varnishtest "url_enc converter test"
+
+#REQUIRE_VERSION=2.4
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp
+} -repeat 2 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	http-request set-var(txn.url0) "str(foo=bar+42 42 )"
+	http-request set-var(txn.url1) "var(txn.url0),url_enc"
+	http-request set-var(txn.url2) "var(txn.url1),url_dec"
+	http-request set-var(txn.url3) "var(txn.url2),url_enc(query)"
+	http-response set-header url_enc0 "%[var(txn.url1)]"
+	http-response set-header url_dec "%[var(txn.url2)]"
+	http-response set-header url_enc1 "%[var(txn.url3)]"
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/"
+	rxresp
+	expect resp.http.url_enc0 == "foo%3Dbar%2B42%2042%20"
+	expect resp.http.url_dec == "foo=bar+42 42 "
+	expect resp.http.url_enc1 == "foo%3Dbar%2B42%2042%20"
+	expect resp.status == 200
+} -run
diff --git a/reg-tests/converter/word.vtc b/reg-tests/converter/word.vtc
new file mode 100644
index 0000000..acd4678
--- /dev/null
+++ b/reg-tests/converter/word.vtc
@@ -0,0 +1,43 @@
+varnishtest "word converter Test"
+
+feature ignore_unknown_macro
+
+server s1 {
+	rxreq
+	txresp -hdr "Connection: close"
+} -repeat 3 -start
+
+haproxy h1 -conf {
+    defaults
+	mode http
+	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+	timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    frontend fe
+	bind "fd@${fe}"
+
+	#### requests
+	http-request set-var(txn.uri) path
+	http-response set-header Found %[var(txn.uri),word(2,/)] if { var(txn.uri),word(2,/) -m found }
+
+	default_backend be
+
+    backend be
+	server s1 ${s1_addr}:${s1_port}
+} -start
+
+client c1 -connect ${h1_fe_sock} {
+	txreq -url "/foo/bar/baz"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "bar"
+	txreq -url "/foo//bar/baz"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "bar"
+	txreq -url "/foo"
+	rxresp
+	expect resp.status == 200
+	expect resp.http.found == "<undef>"
+} -run