diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c
index f9b1093..60882c2 100644
--- a/nfq2/darkmagic.c
+++ b/nfq2/darkmagic.c
@@ -1227,7 +1227,7 @@ bool win_dark_init(const struct str_list_head *ssid_filter, const struct str_lis
 		if (!f_WlanOpenHandle || !f_WlanCloseHandle || !f_WlanEnumInterfaces || !f_WlanQueryInterface || !f_WlanFreeMemory)
 		{
 			w_win32_error = GetLastError();
-			DLOG_ERR("could not import required functions from wlanapi.dll\n");
+			DLOG_ERR("could not import all required functions from wlanapi.dll\n");
 			win_dark_deinit();
 			return false;
 		}
diff --git a/nfq2/desync.c b/nfq2/desync.c
index baab3b4..b0ad6c8 100644
--- a/nfq2/desync.c
+++ b/nfq2/desync.c
@@ -730,7 +730,7 @@ static bool ipcache_get_hostname(const struct in_addr *a4, const struct in6_addr
 	if (!params.cache_hostname)
 	{
 		*hostname = 0;
-		return true;
+		return false;
 	}
 	if (params.debug)
 	{
@@ -738,13 +738,8 @@ static bool ipcache_get_hostname(const struct in_addr *a4, const struct in6_addr
 		ntopa46(a4, a6, s, sizeof(s));
 		DLOG("ipcache hostname search for %s\n", s);
 	}
-	ip_cache_item *ipc = ipcacheTouch(&params.ipcache, a4, a6, NULL);
-	if (!ipc)
-	{
-		DLOG_ERR("ipcache_get_hostname: out of memory\n");
-		return false;
-	}
-	if (ipc->hostname)
+	ip_cache_item *ipc = ipcacheFind(&params.ipcache, a4, a6, NULL);
+	if (ipc && ipc->hostname)
 	{
 		if (params.debug)
 		{
@@ -757,31 +752,36 @@ static bool ipcache_get_hostname(const struct in_addr *a4, const struct in6_addr
 	}
 	else
 		*hostname = 0;
-	return true;
+	return *hostname;
 }
 static void ipcache_update_ttl(t_ctrack *ctrack, const struct in_addr *a4, const struct in6_addr *a6, const char *iface)
 {
 	// no need to cache ttl in server mode because first packet is incoming
 	if (ctrack && !params.server)
 	{
-		ip_cache_item *ipc = ipcacheTouch(&params.ipcache, a4, a6, iface);
-		if (!ipc)
-		{
-			DLOG_ERR("ipcache: out of memory\n");
-			return;
-		}
+		ip_cache_item *ipc;
 		if (ctrack->incoming_ttl)
 		{
+			ipc = ipcacheTouch(&params.ipcache, a4, a6, iface);
+			if (!ipc)
+			{
+				DLOG_ERR("ipcache: out of memory\n");
+				return;
+			}
 			if (ipc->ttl != ctrack->incoming_ttl)
 			{
 				DLOG("updated ttl cache\n");
 				ipc->ttl = ctrack->incoming_ttl;
 			}
 		}
-		else if (ipc->ttl)
+		else
 		{
-			DLOG("got cached ttl %u\n", ipc->ttl);
-			ctrack->incoming_ttl = ipc->ttl;
+			ipc = ipcacheFind(&params.ipcache, a4, a6, iface);
+			if (ipc && ipc->ttl)
+			{
+				DLOG("got cached ttl %u\n", ipc->ttl);
+				ctrack->incoming_ttl = ipc->ttl;
+			}
 		}
 	}
 }
@@ -790,10 +790,8 @@ static void ipcache_get_ttl(t_ctrack *ctrack, const struct in_addr *a4, const st
 	// no need to cache ttl in server mode because first packet is incoming
 	if (ctrack && !ctrack->incoming_ttl && !params.server)
 	{
-		ip_cache_item *ipc = ipcacheTouch(&params.ipcache, a4, a6, iface);
-		if (!ipc)
-			DLOG_ERR("ipcache: out of memory\n");
-		else if (ipc->ttl)
+		ip_cache_item *ipc = ipcacheFind(&params.ipcache, a4, a6, iface);
+		if (ipc && ipc->ttl)
 		{
 			DLOG("got cached ttl %u\n", ipc->ttl);
 			ctrack->incoming_ttl = ipc->ttl;
@@ -897,7 +895,7 @@ static uint8_t desync(
 	if (LIST_FIRST(&dp->lua_desync))
 	{
 		lua_rawgeti(params.L, LUA_REGISTRYINDEX, params.ref_desync_ctx);
-		t_lua_desync_context *ctx = (t_lua_desync_context *)luaL_checkudata(params.L, 1, "desync_ctx");
+		t_lua_desync_context *ctx = (t_lua_desync_context *)luaL_checkudata(params.L, -1, "desync_ctx");
 		// this is singleton stored in the registry. safe to pop
 		lua_pop(params.L,1);
 
@@ -1264,7 +1262,7 @@ static bool play_prolog(
 				hostname_is_ip = ps->ctrack->hostname_is_ip;
 				if (!hostname && !ps->bReverse)
 				{
-					if (ipcache_get_hostname(ps->sdip4, ps->sdip6, ps->host, sizeof(ps->host), &hostname_is_ip) && *ps->host)
+					if (ipcache_get_hostname(ps->sdip4, ps->sdip6, ps->host, sizeof(ps->host), &hostname_is_ip))
 						if (!(hostname = ps->ctrack->hostname = strdup(ps->host)))
 							DLOG_ERR("strdup(host): out of memory\n");
 				}
@@ -1985,8 +1983,8 @@ static uint8_t dpi_desync_icmp_packet(
 			hostname = ctrack->hostname;
 			hostname_is_ip = ctrack->hostname_is_ip;
 		}
-		else if (ipcache_get_hostname(dis->ip ? &dis->ip->ip_dst : NULL, dis->ip6 ? &dis->ip6->ip6_dst : NULL, host, sizeof(host), &hostname_is_ip) && *host ||
-			ipcache_get_hostname(dis->ip ? &dis->ip->ip_src : NULL, dis->ip6 ? &dis->ip6->ip6_src : NULL, host, sizeof(host), &hostname_is_ip) && *host)
+		else if (ipcache_get_hostname(dis->ip ? &dis->ip->ip_dst : NULL, dis->ip6 ? &dis->ip6->ip6_dst : NULL, host, sizeof(host), &hostname_is_ip) ||
+			ipcache_get_hostname(dis->ip ? &dis->ip->ip_src : NULL, dis->ip6 ? &dis->ip6->ip6_src : NULL, host, sizeof(host), &hostname_is_ip))
 		{
 			hostname = host;
 		}
@@ -2052,8 +2050,8 @@ static uint8_t dpi_desync_ip_packet(
 	bool hostname_is_ip = false;
 	const char *hostname = NULL;
 	char host[256];
-	if (ipcache_get_hostname(dis->ip ? &dis->ip->ip_dst : NULL, dis->ip6 ? &dis->ip6->ip6_dst : NULL, host, sizeof(host), &hostname_is_ip) && *host ||
-		ipcache_get_hostname(dis->ip ? &dis->ip->ip_src : NULL, dis->ip6 ? &dis->ip6->ip6_src : NULL, host, sizeof(host), &hostname_is_ip) && *host)
+	if (ipcache_get_hostname(dis->ip ? &dis->ip->ip_dst : NULL, dis->ip6 ? &dis->ip6->ip6_dst : NULL, host, sizeof(host), &hostname_is_ip) ||
+		ipcache_get_hostname(dis->ip ? &dis->ip->ip_src : NULL, dis->ip6 ? &dis->ip6->ip6_src : NULL, host, sizeof(host), &hostname_is_ip))
 	{
 		hostname = host;
 	}
diff --git a/nfq2/filter.c b/nfq2/filter.c
index 8a08d3d..0e1e15e 100644
--- a/nfq2/filter.c
+++ b/nfq2/filter.c
@@ -18,6 +18,7 @@ bool pf_parse(const char *s, port_filter *pf)
 	if (*s=='*' && s[1]==0)
 	{
 		pf->from=1; pf->to=0xFFFF;
+		pf->neg=false;
 		return true;
 	}
 	if (*s=='~')
diff --git a/nfq2/pools.c b/nfq2/pools.c
index bcf4940..dac832d 100644
--- a/nfq2/pools.c
+++ b/nfq2/pools.c
@@ -1115,6 +1115,22 @@ void ipcachePrint(ip_cache *ipcache)
 	ipcache6Print(ipcache->ipcache6);
 }
 
+ip_cache_item *ipcacheFind(ip_cache *ipcache, const struct in_addr *a4, const struct in6_addr *a6, const char *iface)
+{
+	ip_cache4 *ipcache4;
+	ip_cache6 *ipcache6;
+	if (a4)
+	{
+		if ((ipcache4 = ipcache4Find(ipcache->ipcache4,a4,iface)))
+			return &ipcache4->data;
+	}
+	else if (a6)
+	{
+		if ((ipcache6 = ipcache6Find(ipcache->ipcache6,a6,iface)))
+			return &ipcache6->data;
+	}
+	return NULL;
+}
 ip_cache_item *ipcacheTouch(ip_cache *ipcache, const struct in_addr *a4, const struct in6_addr *a6, const char *iface)
 {
 	ip_cache4 *ipcache4;
diff --git a/nfq2/pools.h b/nfq2/pools.h
index 62cbf41..d87b3e2 100644
--- a/nfq2/pools.h
+++ b/nfq2/pools.h
@@ -265,6 +265,7 @@ typedef struct ip_cache
 } ip_cache;
 
 ip_cache_item *ipcacheTouch(ip_cache *ipcache, const struct in_addr *a4, const struct in6_addr *a6, const char *iface);
+ip_cache_item *ipcacheFind(ip_cache *ipcache, const struct in_addr *a4, const struct in6_addr *a6, const char *iface);
 void ipcachePurgeRateLimited(ip_cache *ipcache, time_t lifetime);
 void ipcacheDestroy(ip_cache *ipcache);
 void ipcachePrint(ip_cache *ipcache);
diff --git a/nfq2/protocol.c b/nfq2/protocol.c
index 9485fe7..fc7fffc 100644
--- a/nfq2/protocol.c
+++ b/nfq2/protocol.c
@@ -44,7 +44,7 @@ t_l7proto l7proto_from_name(const char *name)
 }
 bool l7_proto_match(t_l7proto l7proto, uint64_t filter_l7)
 {
-	return filter_l7==L7_ALL || (filter_l7 & (1<<l7proto)) || (filter_l7 & (1<<L7_KNOWN)) && l7proto>L7_KNOWN && l7proto<L7_LAST;
+	return filter_l7==L7_ALL || (filter_l7 & (1ULL<<l7proto)) || (filter_l7 & (1ULL<<L7_KNOWN)) && l7proto>L7_KNOWN && l7proto<L7_LAST;
 }
 
 static const char *l7payload_name[] = {
@@ -73,7 +73,7 @@ const char *l7payload_str(t_l7payload l7)
 }
 bool l7_payload_match(t_l7payload l7payload, uint64_t filter_l7p)
 {
-	return filter_l7p==L7P_ALL || (filter_l7p & (1<<l7payload)) || (filter_l7p & (1<<L7P_KNOWN)) && l7payload>L7P_KNOWN && l7payload<L7P_LAST;
+	return filter_l7p==L7P_ALL || (filter_l7p & (1ULL<<l7payload)) || (filter_l7p & (1ULL<<L7P_KNOWN)) && l7payload>L7P_KNOWN && l7payload<L7P_LAST;
 }
 bool l7_payload_str_list(uint64_t l7p, char *buf, size_t size)
 {
@@ -91,7 +91,7 @@ bool l7_payload_str_list(uint64_t l7p, char *buf, size_t size)
 	}
 	for(pl=0, p=buf, e=p+size, *buf=0 ; pl<L7P_LAST ; pl++)
 	{
-		if (l7p & (1<<pl))
+		if (l7p & (1ULL<<pl))
 		{
 			pstr = l7payload_str(pl);
 			lstr = strlen(pstr);
@@ -1351,6 +1351,7 @@ bool IsQUICInitial(const uint8_t *data, size_t len)
 	offset += 1 + data[offset];
 
 	// token length
+	if (offset>=len || (offset + tvb_get_size(data[offset])) > len) return false;
 	offset += tvb_get_varint(data + offset, &sz);
 	offset += sz;
 	if (offset >= len) return false;