diff --git a/lua/zapret-tests.lua b/lua/zapret-tests.lua
index 6c39c74..69a072c 100644
--- a/lua/zapret-tests.lua
+++ b/lua/zapret-tests.lua
@@ -558,6 +558,23 @@ function test_dissect()
 		print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" )
 		test_assert(raw1==raw2)
 
+		raw1 = string.sub(reconstruct_dissect(ip6_udp),1,-4-#ip6_udp.payload)
+		dis1 = dissect(raw1, false)
+		dis2 = dissect(raw1, true)
+		local ok = not dis1.ip6 and dis2.ip6
+		print("IP6 partial : "..(ok and "OK" or "FAIL"))
+		test_assert(ok)
+
+		print("IP6+IPP")
+		dis1 = {ip6 = ip6_udp.ip6, payload=brandom(math.random(1,1))}
+		raw1 = reconstruct_dissect(dis1,{ip6_last_proto=IPPROTO_IPIP})
+		dis2 = dissect(raw1)
+		raw2 = reconstruct_dissect(dis2,{ip6_preserve_next=true})
+		print("IP6+IPP1: "..string2hex(raw1))
+		print("IP6+IPP2: "..string2hex(raw2))
+		print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" )
+		test_assert(raw1==raw2)
+
 		print("UDP standalone")
 		raw1 = reconstruct_udphdr(ip6_udp.udp)
 		print("UDP1: "..string2hex(raw1))
@@ -576,13 +593,6 @@ function test_dissect()
 		print("IP2: "..string2hex(raw2))
 		print( raw1==raw2 and "DISSECT OK" or "DISSECT FAILED" )
 		test_assert(raw1==raw2)
-
-		raw1 = string.sub(reconstruct_dissect(ip6_udp),1,-4-#ip6_udp.payload)
-		dis1 = dissect(raw1, false)
-		dis2 = dissect(raw1, true)
-		local ok = not dis1.ip6 and dis2.ip6
-		print("IP6 partial : "..(ok and "OK" or "FAIL"))
-		test_assert(ok)
 	end
 end
 
@@ -967,4 +977,27 @@ function test_rawsend(opts)
 	dis = {ip6 = ip6, icmp = icmp, payload = payload}
 	print("send ipv6 icmp")
 	test_assert(rawsend_dissect_print(dis, {fwmark = 0x8E10, repeats=3}))
+
+	local ip2 = {
+		ip_tos = 0,
+		ip_id = math.random(0,0xFFFF),
+		ip_off = 0,
+		ip_ttl = 64,
+		ip_p = IPPROTO_UDP,
+		ip_src = pton("10.1.1.1"),
+		ip_dst = pton("10.1.1.2"),
+	}
+
+	dis = {ip = ip2, udp = udp, payload = payload}
+	raw_udp = reconstruct_dissect(dis)
+
+	ip6.ip6_flow=0x6000583F
+	dis = {ip6 = ip6, payload = raw_udp}
+	print("send ipv6 ipip")
+	test_assert(rawsend_dissect_print(dis, {fwmark = 0x8E10, repeats=3}, {ip6_last_proto=IPPROTO_IPIP}))
+
+	dis = {ip = ip, payload = raw_udp}
+	dis.ip.ip_p = IPPROTO_IPIP
+	print("send ipv4 ipip")
+	test_assert(rawsend_dissect_print(dis, {fwmark = 0x8E10, repeats=3}, {ip6_last_proto=IPPROTO_IPIP}))
 end
diff --git a/nfq2/desync.c b/nfq2/desync.c
index 43931f5..12868e6 100644
--- a/nfq2/desync.c
+++ b/nfq2/desync.c
@@ -1073,7 +1073,7 @@ static uint8_t desync(
 			}
 			else
 			{
-				b = lua_reconstruct_dissect(params.L, -1, mod_pkt, len_mod_pkt, false, false, false);
+				b = lua_reconstruct_dissect(params.L, -1, mod_pkt, len_mod_pkt, false, false, IPPROTO_NONE, false);
 				lua_pop(params.L, 2);
 				if (!b)
 				{
diff --git a/nfq2/lua.c b/nfq2/lua.c
index 9939b5c..ba5e979 100644
--- a/nfq2/lua.c
+++ b/nfq2/lua.c
@@ -2353,7 +2353,8 @@ uint8_t lua_ip6_l4proto_from_dissect(lua_State *L, int idx)
 	return IPPROTO_NONE;
 }
 
-bool lua_reconstruct_dissect(lua_State *L, int idx, uint8_t *buf, size_t *len, bool keepsum, bool badsum, bool ip6_preserve_next)
+// last_proto = IPPROTO_NONE means auto detect
+bool lua_reconstruct_dissect(lua_State *L, int idx, uint8_t *buf, size_t *len, bool keepsum, bool badsum, uint8_t last_proto, bool ip6_preserve_next)
 {
 	uint8_t *data = buf;
 	size_t sz,l,lpayload,l3,left = *len;
@@ -2386,7 +2387,7 @@ bool lua_reconstruct_dissect(lua_State *L, int idx, uint8_t *buf, size_t *len, b
 		lua_getfield(L,idx,"ip6");
 		if (lua_type(L,-1)!=LUA_TTABLE) goto err;
 		ip6 = (struct ip6_hdr*)data;
-		if (!lua_reconstruct_ip6hdr(L,-1, ip6, &l, lua_ip6_l4proto_from_dissect(L,idx), ip6_preserve_next))
+		if (!lua_reconstruct_ip6hdr(L,-1, ip6, &l, last_proto==IPPROTO_NONE ? lua_ip6_l4proto_from_dissect(L,idx) : last_proto, ip6_preserve_next))
 		{
 			DLOG_ERR("reconstruct_dissect: bad ip6\n");
 			goto err;
@@ -2556,12 +2557,14 @@ static int luacall_reconstruct_dissect(lua_State *L)
 
 	size_t l;
 	uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16)));
+	uint8_t last_proto;
+
 	l = sizeof(buf);
 
 	bool ip6_preserve_next, badsum, keepsum;
-	lua_reconstruct_extract_options(L, 2, &keepsum, &badsum, &ip6_preserve_next, NULL);
+	lua_reconstruct_extract_options(L, 2, &keepsum, &badsum, &ip6_preserve_next, &last_proto);
 
-	if (!lua_reconstruct_dissect(L, 1, buf, &l, keepsum, badsum, ip6_preserve_next))
+	if (!lua_reconstruct_dissect(L, 1, buf, &l, keepsum, badsum, last_proto, ip6_preserve_next))
 		luaL_error(L, "invalid dissect data");
 	lua_pushlstring(L,(char*)buf,l);
 
@@ -2865,13 +2868,15 @@ static int luacall_rawsend_dissect(lua_State *L)
 	sockaddr_in46 sa;
 	bool b, badsum, keepsum, ip6_preserve_next;
 	uint8_t buf[RECONSTRUCT_MAX_SIZE] __attribute__((aligned(16)));
+	uint8_t last_proto;
+
 	len = sizeof(buf);
 
 	luaL_checktype(L,1,LUA_TTABLE);
 	lua_rawsend_extract_options(L,2, &repeats, &fwmark, &ifout);
-	lua_reconstruct_extract_options(L, 3, &keepsum, &badsum, &ip6_preserve_next, NULL);
+	lua_reconstruct_extract_options(L, 3, &keepsum, &badsum, &ip6_preserve_next, &last_proto);
 
-	if (!lua_reconstruct_dissect(L, 1, buf, &len, keepsum, badsum, ip6_preserve_next))
+	if (!lua_reconstruct_dissect(L, 1, buf, &len, keepsum, badsum, last_proto, ip6_preserve_next))
 		luaL_error(L, "invalid dissect data");
 
 	if (!extract_dst(buf, len, (struct sockaddr*)&sa))
@@ -3868,11 +3873,13 @@ static void lua_init_const(void)
 		{"IPV6_FLOWINFO_MASK",0x0FFFFFFF},
 
 		{"IPPROTO_IP",IPPROTO_IP},
+		{"IPPROTO_IPIP",IPPROTO_IPIP},
 		{"IPPROTO_IPV6",IPPROTO_IPV6},
 		{"IPPROTO_ICMP",IPPROTO_ICMP},
 		{"IPPROTO_TCP",IPPROTO_TCP},
 		{"IPPROTO_UDP",IPPROTO_UDP},
 		{"IPPROTO_ICMPV6",IPPROTO_ICMPV6},
+		{"IPPROTO_SCTP",IPPROTO_SCTP},
 		{"IPPROTO_HOPOPTS",IPPROTO_HOPOPTS},
 		{"IPPROTO_ROUTING",IPPROTO_ROUTING},
 		{"IPPROTO_FRAGMENT",IPPROTO_FRAGMENT},
diff --git a/nfq2/lua.h b/nfq2/lua.h
index b9aaac1..d7b055c 100644
--- a/nfq2/lua.h
+++ b/nfq2/lua.h
@@ -112,7 +112,7 @@ bool lua_reconstruct_iphdr(lua_State *L, int idx, struct ip *ip, size_t *len);
 bool lua_reconstruct_tcphdr(lua_State *L, int idx, struct tcphdr *tcp, size_t *len);
 bool lua_reconstruct_udphdr(lua_State *L, int idx, struct udphdr *udp);
 bool lua_reconstruct_icmphdr(lua_State *L, int idx, struct icmp46 *icmp);
-bool lua_reconstruct_dissect(lua_State *L, int idx, uint8_t *buf, size_t *len, bool keepsum, bool badsum, bool ip6_preserve_next);
+bool lua_reconstruct_dissect(lua_State *L, int idx, uint8_t *buf, size_t *len, bool keepsum, bool badsum, uint8_t last_proto, bool ip6_preserve_next);
 
 typedef struct {
 	unsigned int func_n;
diff --git a/nfq2/windows/res/32/winicon.o b/nfq2/windows/res/32/winicon.o
new file mode 100755
index 0000000..8b8eaf6
Binary files /dev/null and b/nfq2/windows/res/32/winicon.o differ
diff --git a/nfq2/windows/res/32/winmanifest.o b/nfq2/windows/res/32/winmanifest.o
new file mode 100755
index 0000000..0db470d
Binary files /dev/null and b/nfq2/windows/res/32/winmanifest.o differ
diff --git a/nfq2/windows/res/64/winicon.o b/nfq2/windows/res/64/winicon.o
new file mode 100755
index 0000000..36180cb
Binary files /dev/null and b/nfq2/windows/res/64/winicon.o differ
diff --git a/nfq2/windows/res/64/winmanifest.o b/nfq2/windows/res/64/winmanifest.o
new file mode 100755
index 0000000..0ca3b2f
Binary files /dev/null and b/nfq2/windows/res/64/winmanifest.o differ
diff --git a/nfq2/windows/res/winws_res64.o b/nfq2/windows/res/winws_res64.o
index 897ca6d..d48e1bb 100644
Binary files a/nfq2/windows/res/winws_res64.o and b/nfq2/windows/res/winws_res64.o differ