diff --git a/README.md b/README.md index 9d845be..cc47ad9 100644 --- a/README.md +++ b/README.md @@ -353,7 +353,7 @@ The second rule passes through HTTPS connections from the user soner who has logged in with the description android to SSL sites with the Common Names containing the substring .fbcdn.net anywhere in it (notice the asterisk at the end). Since connection contents cannot be written to log files in passthrough -mode, the rule does not specify any log action. +mode, the rule does not specify any content log action. The default filter action is Divert. So, if those are the only filtering rules in that proxyspec, the other connections are diverted to the listening program diff --git a/src/aho_corasick_template.h b/src/aho_corasick_template.h index c488d96..82b9d88 100644 --- a/src/aho_corasick_template.h +++ b/src/aho_corasick_template.h @@ -17,6 +17,10 @@ * along with this file. If not, see . */ +/* + * 2021-10-06: The developer has been contacted for a license change to the LGPL. + */ + #ifndef __ACM_TEMPLATE__ # define __ACM_TEMPLATE__ diff --git a/src/aho_corasick_template_impl.h b/src/aho_corasick_template_impl.h index f9b0409..a6c5a45 100644 --- a/src/aho_corasick_template_impl.h +++ b/src/aho_corasick_template_impl.h @@ -16,6 +16,10 @@ * along with this file. If not, see . */ +/* + * 2021-10-06: The developer has been contacted for a license change to the LGPL. + */ + /* * This file is modified from the original to suppress ISO C and c99 warnings * issued by both gcc and clang, such as those for _Generic selection and %n$ diff --git a/src/filter.c b/src/filter.c index 07af1c3..38479a9 100644 --- a/src/filter.c +++ b/src/filter.c 
@@ -2243,12 +2243,11 @@ filter_port_exact_match(kbtree_t(port) *btree, char *p)
 static filter_port_t *
 filter_port_substring_match(ACMachine(char) *acm, char *port)
 {
- if (acm) {
- filter_port_t *p = NULL;
- match_acm(acm, port, p)
- return p;
- }
- return NULL;
+ if (!acm)
+ return NULL;
+ filter_port_t *p = NULL;
+ match_acm(acm, port, p)
+ return p;
 }
 
 filter_port_t *
@@ -2375,12 +2374,11 @@ filter_site_exact_match(kbtree_t(site) *btree, char *s)
 filter_site_t *
 filter_site_substring_match(ACMachine(char) *acm, char *site)
 {
- if (acm) {
- filter_site_t *s = NULL;
- match_acm(acm, site, s)
- return s;
- }
- return NULL;
+ if (!acm)
+ return NULL;
+ filter_site_t *s = NULL;
+ match_acm(acm, site, s)
+ return s;
 }
 
 filter_site_t *
@@ -2540,21 +2538,11 @@ filter_ip_exact_match(kbtree_t(ip) *btree, char *i)
 filter_ip_t *
 filter_ip_substring_match(ACMachine(char) *acm, char *ip)
 {
- if (acm) {
- filter_ip_t *i = NULL;
- match_acm(acm, ip, i)
- return i;
- }
- return NULL;
-}
-
-filter_ip_t *
-filter_ip_find(filter_t *filter, char *i)
-{
- filter_ip_t *ip = filter_ip_exact_match(filter->ip_btree, i);
- if (ip)
- return ip;
- return filter_ip_substring_match(filter->ip_acm, i);
+ if (!acm)
+ return NULL;
+ filter_ip_t *i = NULL;
+ match_acm(acm, ip, i)
+ return i;
 }
 
 static filter_ip_t *
@@ -2645,21 +2633,11 @@ filter_desc_exact_match(kbtree_t(desc) *btree, char *k)
 filter_desc_t *
 filter_desc_substring_match(ACMachine(char) *acm, char *desc)
 {
- if (acm) {
- filter_desc_t *k = NULL;
- match_acm(acm, desc, k)
- return k;
- }
- return NULL;
-}
-
-filter_desc_t *
-filter_desc_find(filter_t *filter, filter_user_t *user, char *k)
-{
- filter_desc_t *desc = filter_desc_exact_match(user ? user->desc_btree : filter->desc_btree, k);
- if (desc)
- return desc;
- return filter_desc_substring_match(user ? user->desc_acm : filter->desc_acm, k);
+ if (!acm)
+ return NULL;
+ filter_desc_t *k = NULL;
+ match_acm(acm, desc, k)
+ return k;
 }
 
 static filter_desc_t *
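Review bot: In the rewritten body of filter_port_substring_match the line `match_acm(acm, port, p)` carries no trailing semicolon and `p` is passed by name, so a reader has to know that match_acm is a macro that expands to its own statement and (presumably) assigns the hit to `p` before `return p;` makes sense; the same shape is repeated in the site, ip and desc hunks below and in the user hunk on the next line. A one-line comment above the call, `/* match_acm is a statement macro: it supplies its own ';' and sets p on a match */`, would keep the missing `;` from being "fixed" by the next maintainer. Whether match_acm reports the first or the longest substring hit is not visible here; if rule precedence depends on it, that belongs in the same comment.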
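Review bot: The ip hunk also drops `filter_ip_find`, an external (non-static) function, and the desc hunk below and the user hunk on the next line drop `filter_desc_find` and `filter_user_find` the same way; the filter.h hunk in this diff only reorders bitfields, so if those three prototypes are still declared in filter.h they should be removed in this commit too, otherwise they linger as declarations without a definition until something links against them. The removed helpers encoded a precedence rule — exact b-tree match first, Aho-Corasick substring match only as a fallback — that decides which filter rule, and therefore which action (divert, split or passthrough), applies to a connection. Every caller that now composes the two lookups itself should keep that order; if the order is intentionally changed, the commit message should say so. The callers are not visible in this diff, so this is a point to confirm rather than a defect I can see.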
@@ -2751,21 +2729,11 @@ filter_user_exact_match(kbtree_t(user) *btree, char *u)
 filter_user_t *
 filter_user_substring_match(ACMachine(char) *acm, char *user)
 {
- if (acm) {
- filter_user_t *u = NULL;
- match_acm(acm, user, u)
- return u;
- }
- return NULL;
-}
-
-filter_user_t *
-filter_user_find(filter_t *filter, char *u)
-{
- filter_user_t *user = filter_user_exact_match(filter->user_btree, u);
- if (user)
- return user;
- return filter_user_substring_match(filter->user_acm, u);
+ if (!acm)
+ return NULL;
+ filter_user_t *u = NULL;
+ match_acm(acm, user, u)
+ return u;
 }
 
 static filter_user_t *
diff --git a/src/filter.h b/src/filter.h
index daa8e91..6628a03 100644
--- a/src/filter.h
+++ b/src/filter.h
@@ -122,10 +122,10 @@ typedef struct filter_rule {
 
 // Conn field to apply filter to
 unsigned int dstip : 1; /* 1 to apply to dst ip */
- unsigned int host : 1; /* 1 to apply to http host */
- unsigned int uri : 1; /* 1 to apply to http uri */
 unsigned int sni : 1; /* 1 to apply to sni */
 unsigned int cn : 1; /* 1 to apply to common names */
+ unsigned int host : 1; /* 1 to apply to http host */
+ unsigned int uri : 1; /* 1 to apply to http uri */
 
 struct filter_action action;
 
diff --git a/src/kbtree.h b/src/kbtree.h
index d8bc207..c12ea2f 100644
--- a/src/kbtree.h
+++ b/src/kbtree.h
@@ -38,6 +38,7 @@
 * pairs, which may be of a complex data type. And the key may be a field in
 * that complex data type.
 */
+
 #ifndef __AC_KBTREE_H
 #define __AC_KBTREE_H
 
diff --git a/src/protossl.c b/src/protossl.c
index a931e89..d2a433b 100644
--- a/src/protossl.c
+++ b/src/protossl.c
@@ -1673,7 +1673,8 @@ protossl_bev_eventcb_connected_srvdst(UNUSED struct bufferevent *bev, pxy_conn_c
 return;
 }
 
- // Set src ssl up early to apply protossl filter
+ // Set src ssl up early to apply SSL filter,
+ // this is the last moment we can take divert or split action
 if (protossl_setup_src_ssl(ctx) != 0) {
 return;
 }
diff --git a/src/sslproxy.1 b/src/sslproxy.1
index ea89f52..d0f9ff6 100644
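Review bot: The filter.h hunk moves the `host` and `uri` bitfields of `struct filter_rule` after `sni` and `cn` without recording why, so the change reads as cosmetic; only a positional initializer or a byte-wise comparison of the struct would observe the reorder, which is worth a quick search before merging. If the intent is to list the fields in the order a connection learns them (dst ip at connect, SNI and CN from the TLS handshake, host and URI only once HTTP is parsed), extending the existing comment to `// Conn field to apply filter to, in the order the conn learns them` would record that, and the protossl.c hunk's remark about the last moment for a divert or split decision suggests that order matters. I am inferring the motivation from the surrounding hunks, so adjust the wording if the reason is different.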
--- a/src/sslproxy.1 +++ b/src/sslproxy.1 @@ -367,7 +367,7 @@ The second rule passes through HTTPS connections from the user soner who has logged in with the description android to SSL sites with the Common Names containing the substring .fbcdn.net anywhere in it (notice the asterisk at the end). Since connection contents cannot be written to log files in passthrough -mode, the rule does not specify any log action. +mode, the rule does not specify any content log action. .LP The default filter action is Divert. So, if those are the only filtering rules in that proxyspec, the other connections are diverted to the listening program