From fa1d7c30c34075ef34e86995078cc0b0b11f9929 Mon Sep 17 00:00:00 2001 From: bol-van Date: Wed, 31 Dec 2025 10:42:54 +0300 Subject: [PATCH 1/6] blockcheck2: --payload= --- blockcheck2.d/standard/10-http-basic.sh | 2 +- blockcheck2.d/standard/15-misc.sh | 4 ++-- blockcheck2.d/standard/20-multi.sh | 4 ++-- blockcheck2.d/standard/23-seqovl.sh | 4 ++-- blockcheck2.d/standard/24-syndata.sh | 4 ++-- blockcheck2.d/standard/25-fake.sh | 2 +- blockcheck2.d/standard/30-faked.sh | 2 +- blockcheck2.d/standard/50-fake-multi.sh | 2 +- blockcheck2.d/standard/55-fake-faked.sh | 2 +- blockcheck2.d/standard/90-quic.sh | 2 +- 10 files changed, 14 insertions(+), 14 deletions(-) diff --git a/blockcheck2.d/standard/10-http-basic.sh b/blockcheck2.d/standard/10-http-basic.sh index 970758b..6755184 100644 --- a/blockcheck2.d/standard/10-http-basic.sh +++ b/blockcheck2.d/standard/10-http-basic.sh @@ -7,6 +7,6 @@ pktws_check_http() [ "$NOTEST_BASIC_HTTP" = 1 ] && { echo "SKIPPED"; return; } for s in 'http_hostcase' 'http_hostcase:spell=hoSt' 'http_domcase' 'http_methodeol' 'http_unixeol'; do - pktws_curl_test_update $1 $2 --payload http_req --lua-desync=$s + pktws_curl_test_update $1 $2 --payload=http_req --lua-desync=$s done } diff --git a/blockcheck2.d/standard/15-misc.sh b/blockcheck2.d/standard/15-misc.sh index e2a1466..9f19f6e 100644 --- a/blockcheck2.d/standard/15-misc.sh +++ b/blockcheck2.d/standard/15-misc.sh @@ -5,7 +5,7 @@ pktws_check_http() # $1 - test function # $2 - domain - local PAYLOAD="--payload http_req" repeats ok + local PAYLOAD="--payload=http_req" repeats ok for repeats in 1 20 100 260; do # send starting bytes of original payload @@ -20,7 +20,7 @@ pktws_check_https_tls12() # $1 - test function # $2 - domain - local PAYLOAD="--payload tls_client_hello" repeats ok + local PAYLOAD="--payload=tls_client_hello" repeats ok for repeats in 1 20 100 260; do # send starting bytes of original payload 
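Review bot: In 10-http-basic.sh the changed call still expands `$1 $2` and `$s` unquoted, so a domain argument containing whitespace or glob characters would be word-split or expanded before it reaches the test function. 24-syndata.sh in this same series already calls `pktws_curl_test_update "$1" "$2"`. Since the line is being edited anyway, `pktws_curl_test_update "$1" "$2" --payload=http_req --lua-desync="$s"` would bring it in line. The start of pktws_check_http lies outside the hunk.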
diff --git a/blockcheck2.d/standard/20-multi.sh b/blockcheck2.d/standard/20-multi.sh index a149ea3..64992ae 100644 --- a/blockcheck2.d/standard/20-multi.sh +++ b/blockcheck2.d/standard/20-multi.sh @@ -26,7 +26,7 @@ pktws_check_http() # $1 - test function # $2 - domain local splits_http='method+2 midsld method+2,midsld' - local PAYLOAD="--payload http_req" + local PAYLOAD="--payload=http_req" [ "$NOTEST_MULTI_HTTP" = 1 ] && { echo "SKIPPED"; return; } @@ -39,7 +39,7 @@ pktws_check_https_tls() # $2 - domain # $3 - PRE args for nfqws2 local splits_tls='2 1 sniext+1 sniext+4 host+1 midsld 1,midsld 1,midsld,1220 1,sniext+1,host+1,midsld-2,midsld,midsld+2,endhost-1' - local PAYLOAD="--payload tls_client_hello" + local PAYLOAD="--payload=tls_client_hello" [ "$NOTEST_MULTI_HTTPS" = 1 ] && { echo "SKIPPED"; return; } diff --git a/blockcheck2.d/standard/23-seqovl.sh b/blockcheck2.d/standard/23-seqovl.sh index 8371c9b..6b135c9 100644 --- a/blockcheck2.d/standard/23-seqovl.sh +++ b/blockcheck2.d/standard/23-seqovl.sh @@ -5,7 +5,7 @@ pktws_check_http() [ "$NOTEST_SEQOVL_HTTP" = 1 ] && { echo "SKIPPED"; return; } - local PAYLOAD="--payload http_req" + local PAYLOAD="--payload=http_req" local ok pat= split f f2 @@ -37,7 +37,7 @@ pktws_seqovl_tests_tls() local ok ok_any local testf=$1 domain="$2" pre="$3" local pat rnd_mod padencap_mod split f f2 - local PAYLOAD="--payload tls_client_hello" + local PAYLOAD="--payload=tls_client_hello" pat=${SEQOVL_PATTERN_HTTPS:+seqovl_pat} pat=${pat:-fake_default_tls} diff --git a/blockcheck2.d/standard/24-syndata.sh b/blockcheck2.d/standard/24-syndata.sh index 6208509..de47fa7 100644 --- a/blockcheck2.d/standard/24-syndata.sh +++ b/blockcheck2.d/standard/24-syndata.sh 
@@ -5,7 +5,7 @@ pktws_check_http() # $1 - test function # $2 - domain - local PAYLOAD="--payload http_req" split + local PAYLOAD="--payload=http_req" split for split in '' multisplit $MULTIDISORDER; do pktws_curl_test_update "$1" "$2" --lua-desync=syndata ${split:+$PAYLOAD --lua-desync=$split} @@ -19,7 +19,7 @@ pktws_check_https_tls() # $2 - domain # $3 - PRE args for nfqws2 - local PAYLOAD="--payload tls_client_hello" ok=0 pre="$3" split + local PAYLOAD="--payload=tls_client_hello" ok=0 pre="$3" split for split in '' multisplit $MULTIDISORDER; do pktws_curl_test_update "$1" "$2" $pre --lua-desync=syndata ${split:+$PAYLOAD --lua-desync=$split} && ok=1 diff --git a/blockcheck2.d/standard/25-fake.sh b/blockcheck2.d/standard/25-fake.sh index 6af2e13..8592a98 100644 --- a/blockcheck2.d/standard/25-fake.sh +++ b/blockcheck2.d/standard/25-fake.sh @@ -40,7 +40,7 @@ pktws_check_http() for ff in $fake 0x00000000; do pktws_curl_test_update $testf $domain ${FAKE_HTTP:+--blob=fake_http:@"$FAKE_HTTP" }$PAYLOAD --lua-desync=fake:blob=$ff:$fooling:repeats=$FAKE_REPEATS && ok=1 # duplicate SYN with MD5 - contains "$fooling" tcp_md5 && pktws_curl_test_update $testf $domain ${FAKE_HTTP:+--blob=$fake:@"$FAKE_HTTP" }$PAYLOAD --lua-desync=fake:blob=$ff:$fooling:repeats=$FAKE_REPEATS --payload empty "--out-range= Date: Wed, 31 Dec 2025 10:48:42 +0300 Subject: [PATCH 2/6] zapret-lib: check NFQWS2_COMPAT_VER --- lua/zapret-lib.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lua/zapret-lib.lua b/lua/zapret-lib.lua index c9a46aa..d223b88 100644 --- a/lua/zapret-lib.lua +++ b/lua/zapret-lib.lua @@ -1,3 +1,9 @@ +NFQWS2_COMPAT_VER_REQUIRED=4 + +if NFQWS2_COMPAT_VER~=NFQWS2_COMPAT_VER_REQUIRED then + error("Incompatible NFQWS2_COMPAT_VER. Use pktws and lua scripts from the same release !") +end + HEXDUMP_DLOG_MAX = HEXDUMP_DLOG_MAX or 32 NOT3=bitnot(3) NOT7=bitnot(7) From cbb05967ba900fe1e5937a8b62c1ca110626d33a Mon Sep 17 00:00:00 2001 
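Review bot: The error raised by the new check in zapret-lib.lua does not say which versions were compared, and a binary that never defines NFQWS2_COMPAT_VER (nil) gives the same message as one with a different number. Including both values would make a mixed-release install diagnosable from the log alone, e.g. `error("Incompatible NFQWS2_COMPAT_VER "..tostring(NFQWS2_COMPAT_VER)..", required "..NFQWS2_COMPAT_VER_REQUIRED..". Use pktws and lua scripts from the same release !")`. The strict `~=` comparison fails closed, which is the right default here. A one-line comment above `NFQWS2_COMPAT_VER_REQUIRED=4` saying when the number has to be bumped would help whoever changes the C/Lua interface next.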
From: bol-van Date: Wed, 31 Dec 2025 10:49:19 +0300 Subject: [PATCH 3/6] update docs --- docs/changes.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changes.txt b/docs/changes.txt index 0e1af5a..4965e13 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -152,3 +152,6 @@ v0.8.1 * zapret-antidpi: http_unixeol * blockcheck2: http_unixeol test +0.8.2 + +* nfqws2: do not start if NFQWS2_COMPAT_VER unexpected From 3874e1607583cccbeeaab848f3e11f9968a14baf Mon Sep 17 00:00:00 2001 From: bol-van Date: Wed, 31 Dec 2025 16:10:22 +0300 Subject: [PATCH 4/6] nfqws2: print luajit status at startup --- nfq2/lua.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/nfq2/lua.c b/nfq2/lua.c index c834213..2b7207f 100644 --- a/nfq2/lua.c +++ b/nfq2/lua.c @@ -2870,11 +2870,35 @@ static bool lua_basic_init() #else DLOG_CONDUP("LUA v%u.%u\n",ver/100,ver%100); #endif + #if LUA_VERSION_NUM >= 504 lua_setwarnf(params.L,lua_warn,NULL); #endif lua_atpanic(params.L,lua_panic); luaL_openlibs(params.L); /* Load Lua libraries */ + + lua_getfield(params.L, LUA_REGISTRYINDEX, "_LOADED"); + if (lua_type(params.L, -1)==LUA_TTABLE) + { + lua_getfield(params.L, -1, "jit"); + if (lua_type(params.L, -1)==LUA_TTABLE) + { + lua_getfield(params.L, -1, "status"); + if (lua_type(params.L, -1)==LUA_TFUNCTION) + { + const char *s; + int n = lua_gettop(params.L); + + lua_call(params.L, 0, LUA_MULTRET); + DLOG_CONDUP(lua_toboolean(params.L, n) ? "JIT: ON" : "JIT: OFF"); + for (n++; (s = lua_tostring(params.L, n)); n++) + DLOG_CONDUP(" %s", s); + DLOG_CONDUP("\n"); + } + } + } + lua_settop(params.L, 0); + return true; } From 9d09d8adccd233e32f4015ff42b00c60510a4361 Mon Sep 17 00:00:00 2001 From: bol-van Date: Wed, 31 Dec 2025 18:07:30 +0300 Subject: [PATCH 5/6] nfqws2: fix comment --- nfq2/nfqws.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nfq2/nfqws.c b/nfq2/nfqws.c index b83c5b0..1649fe4 100644 --- a/nfq2/nfqws.c +++ b/nfq2/nfqws.c 
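Review bot: The loop that prints the extra jit.status() results, `for (n++; (s = lua_tostring(params.L, n)); n++)`, ends only when lua_tostring returns NULL, so it relies on reading one index past the stack top and would also stop early at any result that is not a string or number. Bounding it by the real result count is clearer: take `int top = lua_gettop(params.L);` right after lua_call and loop with `for (n++; n <= top && (s = lua_tostring(params.L, n)); n++)`. The call is also made with unprotected lua_call, so an error raised inside it would go to the lua_panic handler installed just above; lua_pcall would let startup log the failure and continue. lua_basic_init begins outside this hunk.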
@@ -2228,7 +2228,7 @@ int main(int argc, char **argv) DLOG_ERR("Invalid port filter : %s\n", optarg); exit_clean(1); } - // deny tcp if not set + // deny udp if not set if (!port_filters_deny_if_empty(&dp->pf_udp)) exit_clean(1); break; From 735936efc55c1749f673212379ddcd08d6f6419c Mon Sep 17 00:00:00 2001 From: bol-van Date: Thu, 1 Jan 2026 14:26:23 +0300 Subject: [PATCH 6/6] zapret-tests: test_swap --- lua/zapret-tests.lua | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/lua/zapret-tests.lua b/lua/zapret-tests.lua index e1028f9..ddf3a98 100644 --- a/lua/zapret-tests.lua +++ b/lua/zapret-tests.lua @@ -304,6 +304,39 @@ function test_bit() end end +function test_swap() + local v1, v2, v3 + + v1 = math.random(0,0xFFFF) + v2 = swap16(v1) + v3 = divint(v1,0x100) + v1%0x100*0x100 + print("swap16: "..(v2==v3 and "OK" or "FAIL")) + test_assert(v2==v3) + + v1 = math.random(0,0xFFFFFF) + v2 = swap24(v1) + v3 = divint(v1,0x10000) + divint(v1,0x100)%0x100*0x100 + v1%0x100*0x10000 + print("swap24: "..(v2==v3 and "OK" or "FAIL")) + test_assert(v2==v3) + + v1 = math.random(0,0xFFFFFFFF) + v2 = swap32(v1) + v3 = divint(v1,0x1000000) + divint(v1,0x10000)%0x100*0x100 + divint(v1,0x100)%0x100*0x10000 + v1%0x100*0x1000000 + print("swap32: "..(v2==v3 and "OK" or "FAIL")) + test_assert(v2==v3) + + v1 = math.random(0,0xFFFFFFFFFFFF) + v2 = swap48(v1) + v3 = divint(v1,0x10000000000) + + divint(v1,0x100000000)%0x100*0x100 + + divint(v1,0x1000000)%0x100*0x10000 + + divint(v1,0x10000)%0x100*0x1000000 + + divint(v1,0x100)%0x100*0x100000000 + + v1%0x100*0x10000000000 + print("swap48: "..(v2==v3 and "OK" or "FAIL")) + test_assert(v2==v3) +end + function test_ux() local v1, v2, v3, usum, sum for k,test in pairs({ @@ -330,7 +363,7 @@ function test_ux() end function test_bin(...) - test_run({test_ub, test_bit, test_ux},...) + test_run({test_ub, test_bit, test_swap, test_ux},...) end
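Review bot: test_swap checks each width against a single math.random draw and prints only OK/FAIL, so a failure cannot be reproduced, and boundary values (0, all-ones) are covered only by chance. Fixed vectors next to the random ones, e.g. `test_assert(swap16(0x1234)==0x3412)` and `test_assert(swap32(0x12345678)==0x78563412)`, plus printing `v1` when a comparison fails, would make the test deterministic where it matters. The 32- and 48-bit upper bounds passed to math.random may exceed what some Lua builds accept as integer arguments. The `#if LUA_VERSION_NUM >= 504` guard in nfq2/lua.c suggests builds below 5.4 are supported, so this is worth confirming on each target interpreter.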