From 0a5ffc1a544ffcd57c25b3a07947ea2c8366eefb Mon Sep 17 00:00:00 2001
From: bol-van
Date: Sun, 20 Mar 2022 20:46:39 +0300
Subject: [PATCH] nfqws: QUIC protocol recognition
---
 binaries/freebsd-x64/dvtws | Bin 66952 -> 69176 bytes
 docs/readme.eng.md | 10 +-
 docs/readme.txt | 5 +-
 init.d/openwrt/custom-nfqws-quic4all | 2 +-
 init.d/sysv/custom-nfqws-quic4all | 2 +-
 nfq/desync.c | 18 +++-
 nfq/nfqws.c | 19 ++--
 nfq/params.h | 4 +-
 nfq/protocol.c | 141 +++++++++++++++++++--------
 nfq/protocol.h | 1 +
 10 files changed, 140 insertions(+), 62 deletions(-)
diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws index df76a5ca11fcb7ef67d8a1aaddb80045821551d4..99966d9d312b1341e66d1cfae72ee693efa6ea8b 100755 GIT binary patch delta 18931 zcmb8X3s_WD7dL+9z#tGXsNe;;jG~5jDDgfy7}TIx<}E8RZ)jdJvcb&K8J!tp7*T3_ zPtDAHO-(6Gfs8>#z)MDE-ZS4f(=(8!WrkXw@3;0j;PHL`|L6I>^E{q))^A<*+PAg$ z*=Hoz<6peazaYV{PZQmHT|Tje+!6TIKn20bc^&QnjZgG2fpZOXuD`;*^1KSGb|P4^ zOAyEdQN^x-7AmlyQueGay>0YWt|~-dHS>oCI@wRbCl{6IUJJ72`YW#N;R?JAu9^z1 zg}_J!S0fTeK}@)%uYw0E>cV8i7B1YBUwK}^Rah9W`Z2108uSNqKdl5oDfdaCL2z9) zu&V(z6x<1ipAcD8`^W-6+Zmk_Kr<9zY={E1!Ji(_=^DJD;)Fk`!5b=0 zc&Y|(D4%euM8l<4&?b=J=>`-uK@FJjAsW114YUa`)ZxJ;Dit7{I=tZu)Zl90aZ$Ji z_ZMsp>VnWpBcQ??E~5rlMxi1}(BM>f!%e4_^M zqrtao@V*+nP=oi=;Kdr;)?Xti*9Zn^@M;Zi(%>~3{0R+yMuQL3;FmPGS;38*NE$(k zBH;HMeiPWe$T-`HjmUE^{L(t3O?ZV8zt7Hr#iT%e=F8^%0^%vr z`^IyA4)K)WeZx3Ei}+yT&77Y?Jmq;`BIm~uPx;+vG1zV?-Kz9aFJr+tN-k0qY+vu`8kTM$oa z*;l~%FdG4sk9~Fy1Q1Vo*q6=u`?cUH|N6#r{x~rHuMkgZ)|bfn zi^NlU^%*&Tig-$^zHrXljuSxn)F*JDl6cCaz8n8g3zQLWB>ocT_YmKf_!`ddB%ac! 
zublH+h^O@FE9CqJ;wf$VHgbL?@suuo1;pDrEG2-_q|eS3786hD(U;Bn1;kTY^o{5I z9O5Y*`i60S7V({lH*J>;@)dGEmUzlqzKxu3K|EzEU%}rf zU+xe_0A(qkoht+oPuaH^<^$PhV7X6&lB*SgG5X+`V#l+-5udaz9 z4hf@NXV?>Hzth8d*?BnUMlrViY;)8|BW?dJu5yFx8oYVKqs@X8375t6I#GffD`?X) zWO&l~2SEQeoscmmu&Hg@25Pk0JYb62wB;J7+n67K@Dn`fffsXh`?2-%cm#G(wm9m= z*`i!yah=b(N~!IoOyB0Uf^bZ8<>?n)H44u1oX(>x?qBLcEsp(x7I$bCKp1*L$Kt`_ z(V;3imn-$7uCnszmXWDH8wJ7I45cDvy2`DAUZXIf=-22UgT;y0ijF>->L_E?FMF7o{yNOMU*`Van;%CK0Ym+|;62E(^$TaYq zV9{7o6f#)SiRMyvd&p9;u%u{l##wPh_4j7Mu;;Mc{+pUovrxR+YZfvOn(eYPr%CZ% z&Lov*9xPtZAB%S?Wb;YVD*jaAiWIU*AzQrci)T04(#p+3QhA2^&QSLy>8C1L&U-S* zeZYP|w%>j1%@!p}u_xsAKfJQfER;~Obt4C$&=M-NF5R%F+LAxNri`*{>42l;OIiaj zb*Uv3N?k$;g;LkHghHu{Dxpy7nwL;0bs;62ypf>#k}Y5#xEWH;q+zj5`|`*v?w_PY zIP?N-`CP%n@h+*9Z+KfxxaSWk;m#bsqt!EN^Zqp=Ww_J^0u1GFs!QSschk2UYdF7xn-m=x zu|yaD=g&rr(2m~IXqBY$RQG{Q-<$ho*>1YP1)<)3UiQ|gp3OIKw$+sV<$;F1)rP&N zynnLtQCs4F`48E5Qte+#8JFpsT2A)IxFDSD-J@f=&i>3OIAqyskiy}V6D6@vCV62`ugTKilS`5>nGLv|$ggm!9=__VkD2 zoaS}W-Ve(^erb$OY*x-PU+5xsDrb2h=18{pg(bEg73g;K@0VU#M!Ip{#~>=}se&6- z@J|B!sGvs$eO)1UIM46 zV5kc2A#j!o)}y`@{bvNese(VN;AR4C6-8ZN3f8r1{i6}7ILxCTiU%?YM&9t6pJ&gE zZ6Sh88QVMTs|(0kuEW-7Ls{hZ3vBz?zTsN|C7rOiZWCx)d4b&;J46h>z)~`!#NW@e z%*<9nKc2^KZ*TI6^K3z8jQHhwwmvg%*fM~E!MO?{c*BoiqQz!-=2zS2dj*5*7i?eZ zO6{f@q+@;4TYeZl_xL{a;tWsdB!CDZJuh-7o}4GF0}W-#gU_>&aS1)&MFla(KPi@F z6c`4%VNYZ*k-fJw+8RsC6nTC6+VXq}D)v(7j{2Uwf^6BqNk9uJAt>^xy`=3y6y*q=Ge28?eVfBOu)8k`dV zddtxuQfY}S`-X!>9bbT6v$JgO_=I6!Ds}9;2hygHT0Fyyb-|uteYy-wtrL?@c&{r8 zt)MW)VX~9koOT}lay($IX_cp+kEdY$9DbjDhTRz7)tsGz_kGt~#OXxOJJ3LOQya3h zcrpvD30^x@^(QndJT@WR8j+{Jcbe8WG{pGBZ0v-XX3ZhM=rA~&qlGa-S&O*_rnPV8dpM1Bm;>DWQrO~0R_f`Yx-ygm1lEB&fluyeaC@K}5)4LQT@qMbgv z?w3={J@L5?Q4bU>4%1iUFDEun{}Oy*HIGPl|5#kukI56;8ZO}V2rBQ8N(rzYlUj%Q zQIQ7cEUY=+#KUa#q`p00{iCr&Xa{hIJ@WKhexPnRjC)SoVvAWD$@U-E!AbG9#psn1 zMUqc3qWF$^p>M&$i8*LDrQr!>72<8eTV9RU3Zg;r5m*F?o_W%4YDX&8=9c^~X{+ju zKEx-;M_*7=n8qPii%Yh)!7RCZ63>d3^h`(UF$2q*91-^m@I3t`+yl>~<|UuOLu%j+ 
zgEK(Hn%emgTRpkckUW5bH4$TUC7#e11)PKuo@yx5J3zgUD@FhDIq%T9sE#LeDgdmfZ-Ln#c7OXQ0DaAOtWG`p667?Ulx3c0y=PtH3t6RTO zyQm7czoLUpiy`fzXWv(}g)`^&p$(*^Z?(n!y`xMmlf-KF+>`<0Pbb*2DN#uWPZ)(Xmuzr8g7-PQiGdZYDcI_91p|N;@(81iL>aR=iZsVyDJLX2Qr5^AdS7>>Wy3BqsF)8#eWYUYovC z$_%HDn~o02@VvU!VcJWu!Sxx&xsOhJ3(YAGIm9X!+A%`eckHLBw#aKWim91~^_OT+ zPjdWs?2T6jwzvXGs;9%xAPwc2j@7X0SEdC=aib9LoI|Ytw7B@2-@*qKiE0N6f*>8* zMTsncYYj;CB)6_%^QR>}as+y_&!Fs*Z&}H-HsaQA*{NxxV`c)jxYIUfxTRE2w~62y zvSf!L-?H@SPtY>zo*w_$hsP<_2#aSF_F}VT@106M0%LYyG@5Z(TnaI=Ois15GLl;P zwd3sK^tR&M<4iXrR?Ioh+Ro@H#vfCgU7U?mVj#vbGlR1P!_MN)EKpkI)vaj46GvIatG&hfN7+BGzAUys%Erz5 zHe|*TB^-}F>j>-n+PtS%AAY#l&Q-jHTKr3vdE;Q=;_dSuQi|O)owSim3mf|F354fK zUU!(?eJ%0Xw*Td8gyQSNE&o%6R@~doYARbD0f)EJ2ngmbXavL@W^ZLDiN~wij_g4} z+n}22iTPJG`zw1~v)ff<_@L#TRcz|(?II6wSoOCSHSi?YSFsJRck19IiNX0BhP1bU zhP(x(`7VLAn+iylr=M8Geto^IxbzS+%r=E)0Hn6Wa89dYFU%g>Y-J^t`CuryDp}R+ znATGX*0xB0)Yg-{rjq?LyVr}Y{>$hqrBhda{68&X;ImvhM1`m|DF1}^3&?bW!*q`e zoO>?-Ub$b5u^3YDddCyd_t2vz_`)l=^bN$y3 zvJP|Jwr!n-#W3x(kl{X>?*1m-eJb63%i^BD)l!vKfS84$uG@wcsG^ar*c8Tpx~GxA3jaHIqx*kKb@o8d{T z&hQKkPZ`k!Zw=da$}&rNvw7GEIBD1#K6wCJ!z5dvWu$%nX~7zq>aMpete|LLN*SAy znKCZr<;;Vg&|CXyC#S?@@uU^d3vXBZ+>t_F$Jy+pp(VtnJ*6Hg(UmcLRppvserM|MpBP zp$563`Fpan|b6#l7cqR7bo6Xs#K^lEon9j#sLrW55T9dq7}@v`v<#`MaMu&HQ; z7A)!W9IfX=vF#aJU1#fOH+{!-!5N&#v1HgyD;tf&l>NzzFedfla5yNPJA@pJDo@X! 
z6PTVqstNiM>)R=Gro}_^A{Qyy3Kw}%#k6@XU5*RB8Ej(kU8!?V!=+{;5^M4(csFm=`i*8gkJMvh~%dgyU%5~f6mBX z5q=Ka^gSn#jfdu{MPmm-C1rTB%JIsNfm%K+Wq7*#g7m>L6o|J|3}f1%=3_HsH;sZr z!AeUS5B2;yHDjWDG<;63G%A47OLrUBQ)gTNLia?P0lBaTkMa|Qq{9?2JUi|N8(fdW zweJ98|J>}j8$uFm#OHQTWEd>a`Z+CpYe*RGiTt~aBg({qGnX9#s-Pu*y;8SPg*X+l zcx*Z0s3czQdGj{bG0i?~gj8|#p^ELnQI_4b0G=rc@df@V3OIQ;AdC+9{+e3IqBNhh z;zw*<4SVX-bh2+AY?BT*)MF+%J^<6g<1+H+1|oKAScdz4hWqynw@-Q%$vMNFRqfFa zDPvE(9b>p{eKN(ccbq?tv|f=uSjRTZ>J;8-zhl2{%KrU$g+E)@U7El?e!FXnq3-() zT@SjNh5&rCD{m*-65pfYmbQ^rdnzOkm80$&aSsuDayDkTf2%{2=3rNr10`gt{It~= z2^+s8I~O%tM*h&^4EKNBXVLLeUd=;|69PAO)5(3*I1%aj*7lTBsq0}N4PT3sPWYx4 zB1fge&>PZW^sn8tiJPbcU>=5vC;1E@wCCyv?MXpMCFhlhH{GS8rgOU(R3{w!3mjA4 z%;@xQB{O>+|3S}Dhl&9toF#EcoT!$%+ z+dk>hKaK}X0%XTx%=tp}ZPIx)Voy%FItWmWLP-ZFHfrnIJMeH&*FWaMSJ=6IZ#Vr5 z6iblzET1JA?kiLssUt$CA<+^|hRRh2S}@Ypu~E61TBsOy4XxuDwKc>2Z=WCLhUSR# z*fBcVOnE+Kbjqldks~ZDY{4+m?QVN|Vr$R}ibL<+ag?=tcTiY;H&m($0}CfM z2z&OsmX6c&jY87-vgBhl8dKf1(htj!xxN;u_NJkV@ZeE)>D?A$;W1YKZj!kDE!HJ> zXh;8djKYE*XsezLZ54}GsGQ~&PqKRnHP~%xFt#DLgBaA29m?$^o;u3p+|Gg9=Ng4l z5+%74#Q3+_OYYX|h=? 
zhGLC0DxXr(RVfs-t`Bx{NDn_r_d08>zHG2!bMq#(dk@A1v@b@pCU?T|w!13LDVMGV zoNh=v>CHLD{>ken{*u7@dS0;&!_t^^yR=m-@<9>GsM2ry3|}K&d&64kqAyZHmHrq2 z`u$0zehZ#-h6Md>GuEu8`VYWbs`L>@je;I>FTIVInfIH8Qevg{aA)zvv_->E%)fZR zy7m7#VidfE{b&KdXmQ&PNcWcjuhL%yF3?(-px>&vKMbT&AC5v~fFCR184mU%&{BNk zj4UVKzfW!xfmG^S<36iWe{ly0&boe!;=7Sn795ly0pcGtmvRpd+;u4q+uu6F(u++6 z0okK2!kc@U#*4*$PU@70$rzW44(nclBWdGtvyke(O1r%Lv~|)4h}lt(x8FFd_}Bxv zK7b2P+B$suX!qtfbdLRvnMRr+7j>t%WJ?n?NV1!sH?Anp)%QY#b(<|!HvM;arC6;O zpdIs{ca1_BHBD*#XlkFIq{7=u#=XPesdO+B49*#}#L-)gQSc4n&!(-gluqZ$a<0BD zlzbLNp)x{QE+=t$s9AkRFg(VYV;; zQ>&{0TX&UYM&;Aphmar*&Zh%uk0Yf!4(TdY6|7@Y4D~7P4Ld__aUZ072DvYWSWnE| z#qf>lopRft=cxBLxEA4+t5W~?cJzwJ&#mu{2cHw;58B^AJI`-GH-obRVGKw#xafBU z_P2F&4bCzkzMHr~?~_J79pt2EYSg<&dfmaIQ|3cYnu-2Jgf@e-6H4}2!rh_ss&O1) zj&SR9@KC9rg1gSA<1v^9!=|kJ4;b2AX$PB#TS{?Hx|j699b@esbS~}lmVHZmq+2*= zf{ShBq6`3vZ9>KNdRLb7E%HKi2fEU6%?7O^b0lmcBM)N=QV%Sv$4@hRK8f2O#-^wu;>>EebuOQ zmHzIh`2J59qMJdU&Qb+eQ${G4c49Q4eOf{GEXn8-QG@J#$Q&l`r$*Gl^>6H@d{3bs z(Ch$BKHm4D6ln-b#UP;Zo&#OqUT8u|Xmn@qYvW}-$;&bsm=)xhL4XJ9G|1%ERHIj zZyO#e^$Dnk&bRO$P0v{VoP%e?T;{-Ny5^)A-v_vF9EW561sES*4bEr4Pob-O!{<(Q z{{AGri`GWm)(}i$n>usr{L+%Hl^IW&c~g$&{b9A0IlotcGzFMl_Nc1SQvtHdx~o9E z0*q<=xYA4khLk0%8af4dqHLfF+&}|Ip@m&DLeUCwW(?vwN-D0A=pWxQ_RRb3ZRUR& z8{t@jU%(y^BVkKL<49Pw2z^4Yl%@1?Nh2ZarZN(C!mr)5XA2(*Ml$pyzYas6z@JT- zu+(dkd&AZh5bur-^x!ddfr&B|oXRwrg`P$omVO#SL)VV7`1Iyu*RdSn)+Pq$ zCz$TO&0yfcx3Iy(JBo*{st1yL^u6E#gWpjfVOTWl4$`A9U$Oh5(Joi9`xBi{C6nBv zf8^nk=K`dXyHd%y}F;Db{ ziEl2HFdUQ4`)n7nIu+`2^|vJ6?bMh4lDLJkrCa}@*q6dzbK{*wA;Z3BRwg~kH@qVrE4l6JoFxc=1(>}rd zW77G$uqwR)BDxd<#pob6`ezf(_}`>2Irj%RN4?JAbfE}`={#5)xVhjwrte88gPjJJ zI^Si-1LlM?2vJF?yj*ArW zg1*%bCpLJroAO~H=Y-_xotv;^=IU+WaY{G{1S72*bg;#?Ho>wv9veYBU$p5oR$0EK z^8ji0wHmt+yXo(bU}f##Nv^@Ei6`dMYPIu9f5ffG|JzEC>JAiZ!EEi#J&j@T7Q?b zmsZCcnm$pU5* zY5QD8TV?6!HP(EM+42vpEbjgEc{TSd7~++EF)VXhQlQPr#7wRC6h@EFA1pra;2Zmj^ZBtzF=LKF>A0^D?tr}j^nOwPG{c-Xe6AY zk`2-n7^RIw6rFSe;YTW(Z_YsujB=gunoxLg6mIxIPCXwF(qeXRU99-mJl1A?>(GKX 
zjrfU*5~09S)<@ZPa|Q!PYV#IGY+AX_7m4kicN}nO?pzfT`3^920L;DHkwMB@A(m2_ zD3U+SFe%oc%`m#xP^dY*>jr!Oz@)4T@oprd_kIo{bs~57kjpTq^A$7OM8$3**;yl% z7s{}f7-3cVA%x*lK8>_S^AuBw_@Xgp&_iD|ymzUPkE9kzI{1O#syT>q4K{*h-Jz~T z`7(-@P9ZZv{wB#^KsqjalzvFAC=4WpJ&MBfq;T>i6yh2k#F2cZBJWM|e&iswQ7*p; z`5Z;wlH>=;o>H6Q|0j}Kz@+pQ>8%y( zQnJ29-lH3h7m@KDv<|AbmgK20E*se>pGfkvTyB~Nd0D&DigO!z|AnOV>l|2TlJyu! z%Mu%{JCJ;xA~%t|`V`~|jdDH7-%-5BkaxH0ot)>A@MXnVAY-rAxlNF&=RjegVtvU9 z>m2l^a!@jqY}+fghamEfgNQFnbxjfL7X(cs2sb!B?mi=pp(1)HE^6L@i#1e4Qvk|XT1_snQYlN76okRS zkCW(7SUTN^-+YrLeH0D9v`uN)xog%$GN5FTgx>w&&!I4SS*!`^M}Uk2BX!ICCA)fzZL80R|i* zGBL-BPcEW;Bsa~2!E zW zxcRyAvq^f#ozOWw^K)yCe7oIoN1Xk*DKRw-)DuuT*2KL5snyr=c}k!ytEeRx&A4)75$<8}VZvm7Y#DWgZY|44D)$0v;2 zQjgb2mSaQ)_E#RGQ}O$}dYHKP7wTMxbDGmnLl1gSp>>hIFA>puuYyR9S(NGPews3c zUELCGGi8&F_c}z_d>xm5gg7Jr%S-=YJlIidIy!wX^jH zjtY&G2B8YrdRbraZlYj|URBt^NwU-gHC2ZFKhWm;Q|S+S3PS{C=se0(Ctv{G8PH9V zGkudlX(t!q4T6$15>mx*9^!%C8z30#to_#J-CL2yWB_zf<2r9`FSP{Y-p}8+D3kq! zP1#5kNN-9ZENg3@Cv9QM-je-BVZ>8ME1{7OJ-4K&@;#NwG7D21|$ z&jwh`Qz_=Ep>*c_E5)4uwodB8!HS{oM|oY20f$d~?WTk7`_pjhSm_^)Y8X%~Nu<(O zm}TeZx+d)I&N6XDE-T&DR?Ny`KkiBut@U zm^GEX`uPCy(Wyn-KSxcnT)ZX&rAt{<5m`C|`o9%90Mz2~;}zMH#iEP4iF+rpAw}0j z%S6_1_h(_gNmSDSuJGd|_UG<+v3L@T`m#j)XCnLI%buZr=|&vXU~ENyRWGv^dma^E z&MF$XXTPr5$zn4`k06{;>E+_0X2lztMrTi$G$YGuob=i(>x5~u-Y`BlD*Z|0v{}=v z(QHs$)(o*N; zl0*D{jNi}E-LF=){DX7D z*m|!01-~ET_bXgW#O91H9$QeX%5gtIy&jScd5C-YA@0qGxFrv9TOZ;|8@c`adl!xW z?yAoJ^_*#wSnT($ik|ttW0=AnyA&V7$6>lU4#)r7->)e9vQcLnkB##T1l;~{S$+r4 z6`<=tZ}pVr3ed~RvV56%P=Czu-MwYGJ?JgaR8apuvOF2IC#Vy2Gw5c*`@)`hP|6t2 zezF{*hd#17&gWnUI(dXF?*p}hUI1MV`Zs6AP~?2pzTM=@>tO2qY-cuY{EB> zLBs^Sgb(ecFcuMmMr6uzL?9f$3`5Z6<55%4hzYX1gz$+76x2Ey1%jSLviTcyDwg&6h%Rw_hH-pXuwPG1sLUOEcJ3uQyZO8E7k0t9@ zQouSI5(2~7vfLANH|R*v3Q#NPWl%bMz6H7)G~x|(5y`Q?yaj4qhMI>$ZzZ~j=xP)U zI&uvP2A#YXcEqnkg+WiQlWp?f1gwW4K85TC9RRv~1DYDN0@MjQ`9pLOX#0&AR3!fx z0fUa*j4m=jUJ5%~E2wop3T_Gq2hdWWBSA-k?yf??gnxs8K~s;zj{PFViyM2e zU|+0gOk|yX9rX!GXi=7by=9OSbFUs;6E^hMmYp_(lfZqB7aw78SomV`$|Rhwhd(bP<8~Qd?>5^wPQfw 
zv*<>VJ#o85aH>D*I1H&uWY>R<4VVeGd<1*(TCA8jlFhr;F`ypPKUHK4uEhpifYA6n zI|4Le45om+R^TpGs)gWMR$rvKJ4pw)P6LUe50?bv{0$VcW0tQ11yM0O5j*hF?$ zAyGHr4Z9MByaj!dU5_=IOd@`E{GCqr~ zz1dMe2I;2-9|yOPoQMnITm&+X1zarWda7I?=SG6-16dp5I$KrlQ;Z2AMIDrb9Ox>{ zNc>w4c{P&TmMH4kpnYJ6Euz8q+3)fC)%coO&(`0J3kX4q%J#6kzoY*=Eb5Pr`mIZ3 z`8vDyYh1uPBwNa+|AD$JWqBZp%h)!M>}Bi-G!qK&iwySTZ!Lq`BTw}Kw~~*)RB*-M zzNDcYJQ>`W_hdQCj}I}*bsLwndAB+S^jRUxkF?;U@&Zufc6Q_z`d~Y&1sT7c1^+=N0y)FY)~rLF-T+mSvOx?z)W!2`&hrfV%g#SOIXc**ZtN|+$9VShyoN;{|s3a%)0rApVU zbhAo#s&uzXzgB70m7>yn-2+5v-Ktuhu6xsjy^5cNy-IOm>~+63t5QW>L{qaWGOMC< ztEP#%9!(qm@KD1aB$~YHQ-bZaiX(fi;%Lb#A7G4v2?{UhR>k}2k{=0Ifp7qm2*7^> z<{Eg_SoJXh4SxkG0l?1$H2f)`GdlS22Y{C2CYJzAB0y08$dKR<9{`#){FR`&l(BJ1 g!&lY%>w5WtUlp&{nS#azD1y`M^}kxa?;rSo0GOA9EC2ui delta 18832 zcma)k30PFs8~2?HgMi?mfGgmjxG#Z;;xYybH54S~lBFo7;=ZI{w&;v9D8oonCzssP zva+&5Q3O^PcxC_dVyH z87bc6nd9)x@9L3LFTB&^W6P+!0{=8fK`?Tx!_^D_#;W?UchflEAm@8>D6Ai$$cAzv zAeFPK<*aJC23bIk@lhoku1gGGby?w7U5@294RXAP!jCU3(arO*oV}mMu{A)USHo3v zp^Y%sZxSceh=kEV#IKK3cyGmAn1a{>gg@n5W`$R2Ax-r&U-i>q|19^@T1Zjq9VRp= zZm0!n)PNc)4o3x4aoT@5x}@4K_A9*Fbg73W@?ILRy9KUBey3a-{OJJ`HGD(Ei65rn z8yZf0yoPV6pLl9S!$)nPMIgm94J_nhHDKbO)9@*3piRJ`4UM0%8lDEc;ghD})v@EM z=^EZsur!zp!hDT_DsT8K*6=i&8a`GHPeC<&ax{FyD3LB-!}~NCQ~m2Tilz+;$gLXQ zPs8uf@ctUUK*KlF@WmS5py6HMdHX4PbslqdwWdIGO@SH>PxGbWb5_F#Hjt1PHGGhU zmmcvJAy}ih^++MK)bMp0zLka-{!QbE8qiw9du#YM8a_b7x8=M#{;f5NcA5f44IiT6 zyK4AQ4IioD!!&%1hHtOoV=Wp*xJF^t@EtUKiiYo~;m2zD2o0a6;X7&g=_+rbuIsE( z%-0m?qTv^7_^uk>s^Pn7_#6%2UBl;V_#T4h`CG41^wbpCs^NQS_#GO)w}vm!@K0#? 
zVhtbJ$YcCn8bws2LJ+Dod>;*8qv4;_@MkrAUk!gz!$)g)iFlfSGz9%Lid&ij{WW}@ zhL6$kf|~lt&j1bYt>Fi1_y7%W8KhCP)+h#Rc%z0lY51-heu##T)bLMf_!tcztMEoH zVl|35MZvG;`)TZcaC^&d9|(dutK9pDAV;_S-6+VNTH|VHAB#J})5+R>QO2iJGs3h$ zxNA7}A}kViaa{i!Ff9n~0*>zxrd89umE#+PDgV3kIll6n(IQNz#P7Cp;sO~^U%TgX z`~zW1^zJl{PZFjC?@r;klCUq~SdPmGQ=WH6a$H21^1Iu}@mGW?ue$>{{^U0c2ukQ~ zffHNEfD*a;Ry~MLYY9{Sc3VcMojf5|9+>9`#Q+Ex=UW7Xkc5z() zD{x1`1svZYOli}-mE#+PDP6kr30pc{A%fDR+sX|t5T^9#p3m_Qgefh$(>Oj!xEtXV zjw=aM8g$2UTt*n_4?Vzf5n;-DZX?HE5vFYC4gj{uojxIg(wtl123rVIdUM};z~=yA zN^9^jyMW_Ggehyew{kp}Fl8%u{sYu6cS0-{rsX^h6_SwlO(&TXG=D-ZD?r4MWayL#LylI!=*D6d0X#2 zk#Wg(H1k$5w*72-+fhc^{+qL1hV1L`<_rjl6{KLeEFJ~E1Q(Xyu9e>lQ9nH*2DR(v zL5gYZ!o4+C?H+-`cH!LO$9A!gNciy``p8RcNW}Ogsypk5Y|g3^7l?9=Is2!~KPa`0 zOLgygUl5LKKDqkS7mR|LvLY3Ag8j7mTc}r@_D7BXMJVw5x_u-{BzJx-l?OH;i)P|Q( zD79@%D3sd35(=f(uVi;wFr>bu2=I}caZVp1lwvv{^Rkks+8q; z`z=p-@S|8=azsVI!G>60jI-7^M*D1>q39&)DR?a0XW-=jH{94DO}MHX1UB%6a80;B zRVd-keqm?p32OJ=9U1q6)D8;F;{a+) z$`x-voa%n$lvV%%GiCm5^vdMVOSyPRXd-4EA zahAis5F|oK%nja*JKO1urwnD$8%{I730?cHLj&=Qe_SlfsBi-GhN9q?N$k6mWWOuL z+?D0H18A4v(2oV}@E>!UO`p)G$z`1Glw68r+a`<^ou}CS34Mb1pMpNL1lM@OK6A5p zLy_sjQ*7wO7uq)gCuI0K3n(m0sVrxijGP)7?=U@iiWN>Y1)r@k3JcEH`efDV4K}@u zN#}pAhUwEH0vAG)5oOplcKS~2RhvtBW14TJP7Q_Z(CvfMhujJRm-?Ce2J!1pn1R*DTG2*mgYu}n&4rGbU(Lo(3T-hN7_-A*3q%iNh7A9fIVSa*;W-pdaFHW}Z8`UR>LhvS z>NJwqM8)eN&cW+m+^Alm?E$UXkv$fX(TZ=&g6qoIkvfO}3E1)4XqiK8B_~<q3>pI>e?FlU*X zQfo8Aa`j)Fptv%F674@13w@aUO1R;zrv&T;OvkB~5^zsUZqsZe%uxT_01RVnH5)T| zK;MU#v<}CRb>s|2JLmczML8Ru zL91yE?od~O0d>_>p|^Z!Qfvc6km$o|K7z1bTOLa@ZSf8-7G4PB)os}4fC7Y+V?fk zLPm3^wTktg+STU=W)$Lzac;>bPHioYUdvve+Ftzb6SiS$uYn(bLQS}{pH4N+hJ*`_ z1N&p~Di@m*L%T=wfNHb-jA8ja)P{6&jCa=#0g+ECXS(zr;@~5!cX}J&QKZ2{j;&%N z(g%xA9Am4~+eQU~O~{rFwx<3xnSMV?Msd#hN<-Qdpdon&W9nsDI)_&qr?s4&PwybQ zj|u!6lfE7h+re3|XZTOIzrE0}B68!aZ4lk;|P-rAgXSa!CrU`ew(h`q|${Mo_c z#B#QB_Vb~EFnScK4^U&Me;sKEwa=W6eV#t@c&IN{@K7^8`=3y+x1dm49$_ozgom`J zVg_4@H`-xO%~z_Lvjbh&;Rq|A(_cJsm_3{`QOr2ZCd~cTZ~q}B9EX1IAvR#%8_!6t 
z$EzKv^ia!BWtn#l7B1dD?;xdEO{HXwWLnTLZbJ~BBl?<){W~vm_^bcrYqH|&gHQga z39Y%eIBu`bfTKHT2E5EEngMfM?DhFkVwj8VoIlj(Unfni(7R4{cm9MHPXlRt{=G^z z?bQy!EjX?E+kh50qRmdW<<)MTzAHlkgYBjcPs&!B@@CZLz6fYFT_jzues>wW_G-Ae zrJNZSnEW?^q`t&-UQ@kXDZL^PPZI28>YaP+X zg$bhT0IOfPS#+1P%^Cf~<_FmK8EcwF?WdRn6Z0}X0a7wKq2XQ!}`|W21 znVp+g(0FIGNz8juPVRQoDOIvRGP?ykIIG$Ra{EK2tka@5E$ioEF--VTNVXp~+rLS) zf1hZ-ZMHAjVXjKZN6bQU_I1M=7v4|}YYrtu$uZRiTLoyW;T0vQi8g!pa6{|rr{J;K zn}n6)LX!RWWczo?_M6G}6Ox2oh&eCe$E3W``P`rcmO_%fKFL1pFT9o|Ig$fX@cOXr zD_KsqyOZq?QB$)0w?zAYlI(xe3k4RUWV0h7pI&C;9sW6}v0)FnxCDF1D7N@D18>W? zxbbnRaTDSurXF$lccaL#nJ7bb4aIv}7mpHhgHIM4g^Xxyi^{R&JOs$9pOP^=tA1fd zN>=^c%#qj<1=J3=nm&d~$oN3nPKADm{Ubx6`6yJa6iTuuyLf}oum`Vowy0aHceh|> zCSb|GR@2RW z6jUhRlPGmdleTex7C3{4TQEq>OYk=5J=X*yh*hl`Ll~bspjh3dVy6HuR~K);hrSi< zhjNmCNXpC3rz-OD=*%(dbdvq1nMQJSagzO%)a!d{jD8Vq(Ci5X*xT_S1~#l^+cwi6 zTMm*7X_6mb%y{mzbHzdODJ2rmmx?1Fz`QD|m^>-9^-Yw2tuzrA>H{sX)U*QXoz8qNI|`?bOGn1tNC%Zvthu zSJSNO>LCbGM=91sdnNoMa$k!fdnBrGS0VOYSa$3ENS_hB3rlbGBr1!uo>uOSqz(Y} zyh0glb}%&N*;d@(VZlnbnOcZ9`X6yDg6tiDhT`R3X{XZ6Bu9cPWu#Q`O=BA^)X38~ z$g-Ng-D^Z6eVu%Te};mO)>CbcWccR8Va{7aRY+@p#V}cU%G9oCU(iA`e>G=&fL)d1N2W`i z0Th??;JiGQceX$tj_3x3c0t(%XRM~bc2nyEoo@cPB-yV}d!%rLo@D=%@-WuZOf<04 z+lG7PPEK z;CL9LZxU)U+9wXETGZCrsTX#-^<3?<;`9>~+3)jD5T!!zY{K&^tFB zV;xowZRXtzjjF=z!J!PoUa->KxzuJ9qJApt^bG|TkFoiFHS*IzY)J6-wpmdY9%C0* zwiLI1!|GN>i5{=A9y!UKM=dl8OP@er^=;^@FuWyY2AUnw=d!57?ofxZEjgXUHl0{S zPK;Q2jLA9Oy*=g|g;G*Q*}IAh7qD^mHe%g!w#eQsz=UU=9>lMx%gE$w`$RG68y1k; zE;+7yW9*1*&~hI3zr0&8-)f}Mc{Jbtko+NQW3XAng#JZp`dBG_Ln*d6cXEeiXmdVo zebKE6U9q&-s}gK-X)fqQL&A5?so$`NxdX+2y08I`>6WcHzlpk2n$j9ieIe?o(*L_1 z-!{x!m{FNc-#7_X`jC&&_vpDw{T--uhOYW6czriC*Vh7?tMuCs7zI7_PI}=kOL4^t zr39r2xHCIKU!4al#C+KSXxA@*wNvOrFYOo1cFSR@eif#DSN%td&nZw>>Sw_-ky{jU z7AMybX)eBXR+b~{>&ce`Or<^p*SVGY0VMDk`L?Cr&S-7M0SIyn{=qVwduWNPE-veV z&hWM!#~ertmRf`J+HW*T%=YtA-&`cXAxCh^ES!iH;_ZK6J|i)2lD(R2KO@9hNAU@BMsS0A+2xf z78`7Xap#_g3)*t5!Omi{sD}F+4PPh2ow&s9)4Bh|z6PDY0R@oM>4_+%-(X4CF}9W2 
zGO*x20h=U8uSKva8;B04&J1m6yEhGXV`q}8&q`S~3GiZAE?A&-pGQNg^ar+KwDCdj z^&(HU@6ZzxJ)SPf$Y+wJHFV8MM_9TN#>v|h13z_@hX576U z1#_F&4_OawvfeWoR&GX9uxBgP*`PLjbj*D)HDahP6238^3A$TQ2!?xE)d zgC*-2yrtXqtF|I0+ILmymtf~lk8P!XF7B{Ync7o~ztGIsNi(BBnGOC*psPnvP#?h! z#^9efVc9SSo6s|S{$2Dy{f~{ou54utENIkOXx%TNwUv5bM4@x*;1IQb4quWThB^8O zitg%t&{g_xu^)Hw28HHOZF~#86(P~X;q|xj0N+G7R@0{+(4g3MQ9;Zh6m+ju?w?0V zXI<1J3(}t)|y zN>VHP@t)7Hl*OM`h)xQzpzO425u^}P%g(8UheC{P{C?#xG%VXSFypzhi>k@5oXHqc zc2y;6IAO@H#rqTe;w8ymO9?D{6lRBeBJ2Hbgk}B~Vm3|mrDbyvxkDSr6TAHs;u-se9 z1X~DOtI5&>?l8lmQ5-X@8A`g_(tVZQ>yekL#qdHW_ND7pFA1ub-rUQTP29+!u88TjCu3X5x3CaMVvc)uDum zr@E|Pn)2t|3IjgtofP{3-@+Q@zzG`Z7lcpHhD{K z^rje+x9dtbuZ|*b-{9q|U~Y~+1=dQMzNmPtQmvYjRfTGGXG4S4&PWSiIku^0myu=M zbO^!63vUcA+7=8i$BVB1dz1qB?Fdb+3}4zC*nf`tskT{_z6dJ%CD8AS!7iuNU96nMS}+nyrKp z=rBD^Fpon+b|;wPvAmLr7N%pIuw!$KcG2syY=x6W@MtylMF~06FIV4V1Ae-eqwfri zLp%5TXobNR0UKDwWa65&iWpqu>bs zlCJ(=;2Q7H?|^X5`;o$skOgE%a4uKpDC%s84mh$~PG)pCSca+v=_BljE3=m!lx5Md zPe1y7RWBf5S)0*m+^@mpN> zzoct$;V@kVDg9ig6skZWt7&b45q;3cVR{!gj_7<`rCC_psFyy1MI4rQbU`sFCt?=L zwr)d^KO=Hy7{MBXCjntJ56}Kr;iBUK`!VU6CG7tD zA+dW4`6H2PD9W~@$8!>X#Jg{?IS*gD_?FU9$C0%NC8M3QCw!ub_uit>$)?ev$LkJz zaYK|YgV{HP40s0LHd#$6WM7Ofz&e_Ma~y7((bL&SDZdEi4Mmx#rO}6zUD(h~99_bE zHg>e6m5`I8YpBvtC$54t0z-!bhyrQ*KD3Qbvmu$e$f6lt7Cxz>fzSd5OHf z#Ld(|e`N)mI*TpOv$LCejJ?+w)J=wz^RI4EcYf$-HC+J4l*vYqDSh+`dOGSf!mm&) zUt5IK*EajKa~q~X@lssylbAX_AEYa6+~zRx#W&fTo7?!u&NB*Sr}N zxR^N7o3CTWCb)F&VC=1&hhZe0U93_f-+uXDn~Mi;3=&6KYs6Bj!$q2cVl;WsXPDiI z)V$38wa+?Vgo9c?rzZ)$Gnm}j$=!XVFj^;+VwS^7xfZ-zg8366Ep3SzR;9mB&Bll4 zAnA2R#O14QYk$&*|x@RcL`0o*AZY-bK>4QS>uO{{iVk8uh=u2K_zs z4x0BY>2Ff)qZ;*xNq>&(P2H*X6TJ2av>&x6koN;hX@4s1@dHXnHkQt&(wh|h_1Vxb zq|WWysGmyuw-oOupfBr-@};ypg>#9N6P3aRRCuP=IbI>UlEG6->3k}E?l($Dbfobm zsUnoJnN;>LRD3n6ZH|_{LevSOuxn9!>ii-U`4bTOp`_nP)g?6QOG$r9(RY}Qb=LXo z;|3eZV3%Sbl7lWZ-ye1L8>D|n(f>9J`U7Vk)4xpmR~7wX()XmHc=WssB>f1kH+?uO z)rjC=(6}K;w4arV$>a&eg_T^yQwYsLD6^q16M6$6U$vwe7(PS$ctN0_n@T@6@*@_r zceVwIpZ&-_-Iib(g+lmNB~~eO1wEUdPX(Ou$NKA-@1(IUFgR8E?@57A 
zDtF_4VHsQXVQc@GmyGyk;Znws{W&;l-1T8#&?>~8G@$Oa7C058b8P!z=^i`#VXV(n zm+7VIH|YQi|0pl|!f2!NYZ1I`*|=jvQAp%~(Dbo5677Z~(ZQXFebzD9fOmq-X4s9@ zPA~lZqiteu?~y24f}>5mh>q{?Gaz&wd@b$Xc;x)NBSe>sFGiXrIYL9y+3rueq^rO7 zzn{8%4I((oq(UDyuBA6qT8)#5uIAQ zVT0{{T;5n22c~fc=!At281}2qOq5JC#6O60^uy!$Hj2{^nG>@rJrlF4PoFr!$|XMw$Q$YK-- zIt{_MS`ktc0Q({SLPH7T7wmoFQ6asDJYb_gi-~4)=;W{*Gsif4~h1W z2>vd27JQ|?Vx>`08|SgZpOuPJ=CY-q?-%1&ut8shiB+@MxGxgLw`Q?VzUU~foXfuX zB1(*y#pFu!RE;66mwNF9e!P-nDgG$N$ogUo^0>J+j1N{4%UCfb(#3Rm3>|iE{;xTCko<4LplrG)lqBSn&iwZD5sYL4xw=YGiusD% z_qHOPs{Aug!QE8-6jlDN>Ysi`(MPCwv5L#pa^qC~BemRgmG7{cm$L{XRN`yZz@|Fr zzD03-^j$?RPzng^RJl^+1*YhysTHkO<#CnwQ~eKB@k&)z^7`5dLXGOMsakQ`DaE14 zPU%|tq^n3r$Ya*2SjbSH1zOhUjmOZ-c+lv>OZZqG(`7$~Ry~F`XpzU~YE6ZYu?H2_ zPcbMY~+~N+u zZ_0lCw!N-BzxLV@RJ5ZK4 z5f6EQ@E}>f1Q|3~mOb_G2N?kwWWrOZ$Hwh8Zf1j+@{}yEg4_$d z>oG(mH=tt3OOQ6m+Z$1i@Mbg^a>^FjBHt!r3ko(vg&&~HAS1S-t06~0z6E(3auehp z{M6_G=|4umke49+3~0c9l!M#@ISMl90R7(!_=9{8G6QlC@U#E_miF4+z_1+pA6=rCFexgFB4IqV>NLXN6N#gN-iAYjN#CsB?q zx!O@56NS*(iP}~^gYlFV1BJ5_b?v>T0J-|Gt5?Is{3n@jZJ20%l68kLMzd!jVx!qi zh{$M`tDw(o!*uy9>RLPf6ue2)uo2ff>Q~V_1$+HkJFlI%^X|`%)wcCIPGo;}wYG!T zZQQ#0vp256dkotEQ8R#*Lfjg_&O^)}$o{?7x%2d4_#TKhHgU}YR*1v=y%MwZZ+oux zhyX>uA2cV(avPDoeKXAK5@75zZ07aOUT5)OR*LLoU0YUg-CMLKvC`|E^)b)OvOn`j zd*4E~=n53b(IyowDxDY~an#Ud4Fcd+Rt$dC2t= z%LUsS4}YSo9fEUqs!bG)(xGV%E2qE~l31-ug8eU`9ueS0z08|YW zsWb%WEKn3j4}j``rgId6Tx6ao%XJ)42J4!JO(93)fffUWQwR9G1(X9cjP?4n9W(yv zEf!2--T&;|=`1qO-xNo~I6af)`8EQhu&$v{F)~sz%loI5k00`v1Qg2M_f%0hM@c|+ z(1md{TSc8XS_R~d4NfzTcB;Anj*bJ7PX%2AI@^dSPgVm}kY%@?K#Sp}DRp5(tiv9~ zngspysj@tf`<)Gx1JsW?wEHTc9YC*W%c||9`M4AMI%M2n9jm_<=0%D3)-?9=-6BtnKa2UQ!kYr3ssR9rGFaHqyan-tOGVJ5QD;qlU(a zHMRCcdL0YBH=f;gtmd}282dImf4j5ZJ0F>bEy1X5g2{BC*Eu=>R1GwWM%3#+K;G}L zSN`cNy53>A{~)e+*yj)_@3LbMx87w}|G~4f7HNv*-E8l>2idp==!;-BHR(BZ9@9NO)RAvNUk&|Cs?cjYP{5b0 z`&~5YD_I`S9a2t@0s5Oe^h2U<{k1I5ppg;pKlWtM4D1R0^a6E$_$C331sW}|uWq#T zoej7i@MD4X{xi(yJwW3wSzbn-efI$610@Ko{_mE)v^2N?N9pNl)jt5NW83OFdPN}R 
z8xOE!bsa*Ia2taxo~@lGY93&9@^mq#Xw56Sr5-W&($@U0d+0&``Sz49_|rO_PPEXk zOSGT)chef7tbT|XeK?kcAY6{+!b_F@sti(Pm?|Sw*-MrERmltE67lqcsZ)oJ+-LFB zweb?`Hm=*?tLxo7rbzJ~Q>556W3PI&TX)-67t}mORi&t^f$Q2d)jiR?;g13}{IQ_% z>s}&Sk`zahq&S+r?tRcr8~#iY{(RB8Gfj2TO{c5Poem<<4+Q>;E-$ed#7H9OzbMlO zf4OKKBO>yiLPXw!4D9) U`0GsmUp-V5bkZZR>mKd?4<5^-2mk;8 diff --git a/docs/readme.eng.md b/docs/readme.eng.md index beb95cd..026c32f 100644 --- a/docs/readme.eng.md +++ b/docs/readme.eng.md @@ -169,6 +169,7 @@ nfqws takes the following parameters: --dpi-desync-fake-http= ; file containing fake http request. replacement for built-in --dpi-desync-fake-tls= ; file containing fake TLS ClientHello (for https). replacement for built-in --dpi-desync-fake-unknown= ; file containing unknown protocol fake payload. default is 256 zeroes + --dpi-desync-fake-quic= ; file containing fake QUIC Initial --dpi-desync-fake-unknown-udp= ; file containing unknown udp protocol fake payload --dpi-desync-cutoff=[n|d|s]N ; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N --hostlist= ; apply fooling only to the listed hosts (one host per line, subdomains auto apply) 
@@ -420,9 +421,12 @@ Set conntrack timeouts appropriately. UDP attacks are limited. Its not possible to fragment UDP on transport level, only on network (ip) level. Only desync modes `fake`,`hopbyhop`,`destopt`,`ipfrag1` and `ipfrag2` are applicable. `fake`,`hopbyhop`,`destopt` can be used in combo with `ipfrag2`. -No protocol recognition is implemented yet so only `--dpi-desync-any-protocol` will work. -Conntrack supports udp. `--dpi-desync-cutoff` will work. UDP conntrack timeout can be set in the 4th -parameter of `--ctrack-timeouts`. + +QUIC initial packets are recognized. Decryption and hostname extraction is not supported so `--hostlist` parameter will not work. +For other protocols desync use `--dpi-desync-any-protocol`. + +Conntrack supports udp. `--dpi-desync-cutoff` will work. UDP conntrack timeout can be set in the 4th parameter of `--ctrack-timeouts`. + Fake attack is useful only for stateful DPI and useless for stateless dealing with each packet independently. By default fake payload is 64 zeroes. Can be overriden using `--dpi-desync-fake-unknown-udp`. diff --git a/docs/readme.txt b/docs/readme.txt index 2b358f4..4c8f669 100644 --- a/docs/readme.txt +++ b/docs/readme.txt 
@@ -215,6 +215,7 @@ nfqws --dpi-desync-fake-http= ; файл, содержащий фейковый http запрос для dpi-desync=fake, на замену стандартному w3.org --dpi-desync-fake-tls= ; файл, содержащий фейковый tls clienthello для dpi-desync=fake, на замену стандартному w3.org --dpi-desync-fake-unknown= ; файл, содержащий фейковый пейлоад неизвестного протокола для dpi-desync=fake, на замену стандартным нулям 256 байт + --dpi-desync-fake-quic= ; файл, содержащий фейковый QUIC Initial --dpi-desync-fake-unknown-udp= ; файл, содержащий фейковый пейлоад неизвестного udp протокола для dpi-desync=fake, на замену стандартным нулям 64 байт --dpi-desync-cutoff=[n|d|s]N ; применять dpi desync только в исходящих пакетах (n), пакетах данных (d), относительных sequence (s) по номеру меньше N --hostlist= ; применять дурение только к хостам из листа @@ -454,8 +455,8 @@ window size итоговый размер окна стал максимальн Атаки на udp более ограничены в возможностях. udp нельзя фрагментировать иначе, чем на уровне ip. Для UDP действуют только режимы десинхронизации fake,hopbyhop,destopt,ipfrag1,ipfrag2. Возможно сочетание fake,hopbyhop,destopt с ipfrag2. -Обязательно указание --dpi-desync-any-protocol, иначе десинхронизация работать не будет, -поскольку протокол неизвестен, а никакие протоколы пока не определяются. +Поддерживается определение пакетов QUIC Initial без расшифровки содержимого и имени хоста, то есть параметр +--hostlist не будет работать. Для десинхронизации других протоколов обязательно указывать --dpi-desync-any-protocol. Реализован conntrack для udp. Можно пользоваться --dpi-desync-cutoff. Таймаут conntrack для udp можно изменить 4-м параметром в --ctrack-timeouts. Атака fake полезна только для stateful DPI, она бесполезна для анализа на уровне отдельных пакетов. diff --git a/init.d/openwrt/custom-nfqws-quic4all b/init.d/openwrt/custom-nfqws-quic4all index be4b333..3d7e5a6 100644 --- a/init.d/openwrt/custom-nfqws-quic4all +++ b/init.d/openwrt/custom-nfqws-quic4all 
@@ -1,5 +1,5 @@ # this custom script in addition to MODE=nfqws runs desync to all QUIC initial packets, without ipset/hostlist filtering -# need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync-any-protocol --dpi-desync=fake --dpi-desync-cutoff=d4" +# need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake" # NOTE : do not use TTL fooling. chromium QUIC engine breaks sessions if TTL expired in transit received QNUM2=$(($QNUM+10)) diff --git a/init.d/sysv/custom-nfqws-quic4all b/init.d/sysv/custom-nfqws-quic4all index fbfd04c..90e045f 100644 --- a/init.d/sysv/custom-nfqws-quic4all +++ b/init.d/sysv/custom-nfqws-quic4all @@ -1,5 +1,5 @@ # this custom script in addition to MODE=nfqws runs desync to all QUIC initial packets, without ipset/hostlist filtering -# need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync-any-protocol --dpi-desync=fake --dpi-desync-cutoff=d4" +# need to add to config : NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake" # NOTE : do not use TTL fooling. chromium QUIC engine breaks sessions if TTL expired in transit received QNUM2=$(($QNUM+10)) diff --git a/nfq/desync.c b/nfq/desync.c index c080cc6..2f432e3 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -656,8 +656,19 @@ packet_process_result dpi_desync_udp_packet(uint8_t *data_pkt, size_t len_pkt, s size_t fake_size; bool b; - if (!params.desync_any_proto) return res; - DLOG("applying tampering to unknown protocol\n") + if (IsQUICInitial(data_payload,len_payload)) + { + DLOG("packet contains QUIC initial\n") + fake = params.fake_quic; + fake_size = params.fake_quic_size; + } + else + { + if (!params.desync_any_proto) return res; + DLOG("applying tampering to unknown protocol\n") + fake = params.fake_unknown_udp; + fake_size = params.fake_unknown_udp_size; + } enum dpi_desync_mode desync_mode = params.desync_mode; uint8_t fooling_orig = FOOL_NONE; 
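Review bot: The new `IsQUICInitial` branch in dpi_desync_udp_packet carries no comment saying that it bypasses the `params.desync_any_proto` gate and that no host filtering applies to it, so a reader of this function cannot see that every queued UDP payload passing the QUIC heuristic is now tampered with regardless of destination. The readme hunk of this commit states that `--hostlist` does not work for QUIC, but that scope decision is invisible at the call site. I would add above the `if`: `/* QUIC Initial: payload is not decrypted, so params.hostlist is not consulted; which flows reach this point is decided by the queueing firewall rule */`. The function starts before and continues after this hunk, so any filtering done elsewhere in it is not visible here.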
@@ -667,9 +678,6 @@ packet_process_result dpi_desync_udp_packet(uint8_t *data_pkt, size_t len_pkt, s else ttl_fake = params.desync_ttl ? params.desync_ttl : ttl_orig; extract_endpoints(ip, ip6hdr, NULL, udphdr, &src, &dst); - fake = params.fake_unknown_udp; - fake_size = params.fake_unknown_udp_size; - if (params.debug) { printf("dpi desync src="); diff --git a/nfq/nfqws.c b/nfq/nfqws.c index f055aba..4c20ee1 100644 --- a/nfq/nfqws.c +++ b/nfq/nfqws.c @@ -528,6 +528,7 @@ static void exithelp() " --dpi-desync-fake-http=\t; file containing fake http request\n" " --dpi-desync-fake-tls=\t; file containing fake TLS ClientHello (for https)\n" " --dpi-desync-fake-unknown=\t; file containing unknown protocol fake payload\n" + " --dpi-desync-fake-quic=\t; file containing fake QUIC Initial\n" " --dpi-desync-fake-unknown-udp= ; file containing unknown udp protocol fake payload\n" " --dpi-desync-cutoff=[n|d|s]N\t\t; apply dpi desync only to packet numbers (n, default), data packet numbers (d), relative sequence (s) less than N\n" " --hostlist=\t\t\t; apply dpi desync only to the listed hosts (one host per line, subdomains auto apply)\n", @@ -614,6 +615,7 @@ int main(int argc, char **argv) memcpy(params.fake_tls,fake_tls_clienthello_default,params.fake_tls_size); params.fake_http_size = strlen(fake_http_request_default); memcpy(params.fake_http,fake_http_request_default,params.fake_http_size); + params.fake_quic_size = 256; params.fake_unknown_size = 256; params.fake_unknown_udp_size = 64; params.wscale=-1; // default - dont change scale factor (client) 
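Review bot: `params.fake_quic_size = 256;` in main() sets a default length, but nothing in this hunk fills `params.fake_quic`, so the default fake payload is whatever the buffer already holds (presumably zeroes from an earlier initialisation of `params`, which lies outside the hunk). The help line added for `--dpi-desync-fake-quic` in the exithelp() hunk states no default, while the readme entry for `--dpi-desync-fake-unknown` says "default is 256 zeroes". I would document it at the assignment, `params.fake_quic_size = 256; // default: 256 bytes of fake_quic, zero-filled unless --dpi-desync-fake-quic is given (confirm params is zeroed)`, and state the same default in the help string.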
@@ -676,9 +678,10 @@ int main(int argc, char **argv)
 {"dpi-desync-fake-http",required_argument,0,0},// optidx=28
 {"dpi-desync-fake-tls",required_argument,0,0},// optidx=29
 {"dpi-desync-fake-unknown",required_argument,0,0},// optidx=30
- {"dpi-desync-fake-unknown-udp",required_argument,0,0},// optidx=31
- {"dpi-desync-cutoff",required_argument,0,0},// optidx=32
- {"hostlist",required_argument,0,0}, // optidx=33
+ {"dpi-desync-fake-quic",required_argument,0,0},// optidx=31
+ {"dpi-desync-fake-unknown-udp",required_argument,0,0},// optidx=32
+ {"dpi-desync-cutoff",required_argument,0,0},// optidx=33
+ {"hostlist",required_argument,0,0}, // optidx=34
 {NULL,0,NULL,0}
 };
 if (argc < 2) exithelp();
@@ -955,18 +958,22 @@ int main(int argc, char **argv)
 params.fake_unknown_size = sizeof(params.fake_unknown);
 load_file_or_exit(optarg,params.fake_unknown,¶ms.fake_unknown_size);
 break;
- case 31: /* dpi-desync-fake-unknown-udp */
+ case 31: /* dpi-desync-fake-quic */
+ params.fake_quic_size = sizeof(params.fake_quic);
+ load_file_or_exit(optarg,params.fake_quic,¶ms.fake_quic_size);
+ break;
+ case 32: /* dpi-desync-fake-unknown-udp */
 params.fake_unknown_udp_size = sizeof(params.fake_unknown_udp);
 load_file_or_exit(optarg,params.fake_unknown_udp,¶ms.fake_unknown_udp_size);
 break;
- case 32: /* desync-cutoff */
+ case 33: /* desync-cutoff */
 if (!parse_cutoff(optarg, ¶ms.desync_cutoff, ¶ms.desync_cutoff_mode))
 {
 fprintf(stderr, "invalid desync-cutoff value\n");
 exit_clean(1);
 }
 break;
- case 33: /* hostlist */
+ case 34: /* hostlist */
 if (!LoadHostList(¶ms.hostlist, optarg))
 exit_clean(1);
 strncpy(params.hostfile,optarg,sizeof(params.hostfile));
diff --git a/nfq/params.h b/nfq/params.h
index 433bc23..f10739a 100644
--- a/nfq/params.h
+++ b/nfq/params.h
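Review bot: Inserting `dpi-desync-fake-quic` in the middle of the option table forces every later `case` label in the switch hunk (`case 32`, `case 33`, `case 34`) to be renumbered by hand, and the only link between table and switch is the `// optidx=N` comments. A missed renumber would compile cleanly and hand one option's argument to another option's handler, for example a hostlist path to `load_file_or_exit`. Appending the new entry after `hostlist` as `{"dpi-desync-fake-quic",required_argument,0,0},// optidx=34` with a matching `case 34:` would leave the existing indices untouched, and naming the indices with an enum would remove the coupling altogether. Both the table and the switch in main() extend beyond these hunks.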
@@ -48,8 +48,8 @@ struct params_s uint32_t desync_badseq_increment, desync_badseq_ack_increment; char hostfile[256]; strpool *hostlist; - uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472]; - size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size; + uint8_t fake_http[1432],fake_tls[1432],fake_unknown[1432],fake_unknown_udp[1472],fake_quic[1472]; + size_t fake_http_size,fake_tls_size,fake_unknown_size,fake_unknown_udp_size,fake_quic_size; bool droproot; uid_t uid; gid_t gid; diff --git a/nfq/protocol.c b/nfq/protocol.c index 1c514b1..2348162 100644 --- a/nfq/protocol.c +++ b/nfq/protocol.c @@ -22,22 +22,22 @@ bool IsHttp(const uint8_t *data, size_t len) } bool HttpExtractHost(const uint8_t *data, size_t len, char *host, size_t len_host) { - const uint8_t *p, *s, *e=data+len; + const uint8_t *p, *s, *e = data + len; p = (uint8_t*)strncasestr((char*)data, "\nHost:", len); if (!p) return false; - p+=6; - while(pp) + p += 6; + while (p < e && (*p == ' ' || *p == '\t')) p++; + s = p; + while (s < e && (*s != '\r' && *s != '\n' && *s != ' ' && *s != '\t')) s++; + if (s > p) { - size_t slen = s-p; + size_t slen = s - p; if (host && len_host) { - if (slen>=len_host) slen=len_host-1; - for(size_t i=0;i= len_host) slen = len_host - 1; + for (size_t i = 0; i < slen; i++) host[i] = tolower(p[i]); + host[slen] = 0; } return true; } @@ -45,7 +45,7 @@ bool HttpExtractHost(const uint8_t *data, size_t len, char *host, size_t len_hos } bool IsTLSClientHello(const uint8_t *data, size_t len) { - return len>=6 && data[0]==0x16 && data[1]==0x03 && data[2]>=0x01 && data[2]<=0x03 && data[5]==0x01 && (ntohs(*(uint16_t*)(data+3))+5)<=len; + return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (ntohs(*(uint16_t*)(data + 3)) + 5) <= len; } bool TLSFindExt(const uint8_t *data, size_t len, uint16_t type, const uint8_t **ext, size_t *len_ext) { 
@@ -66,36 +66,36 @@ bool TLSFindExt(const uint8_t *data, size_t len, uint16_t type, const uint8_t ** // // u16 ExtensionsLength - size_t l,ll; + size_t l, ll; - l = 1+2+2+1+3+2+32; + l = 1 + 2 + 2 + 1 + 3 + 2 + 32; // SessionIDLength - if (len<(l+1)) return false; - ll = data[6]<<16 | data[7]<<8 | data[8]; // HandshakeProtocol length - if (len<(ll+9)) return false; - l += data[l]+1; + if (len < (l + 1)) return false; + ll = data[6] << 16 | data[7] << 8 | data[8]; // HandshakeProtocol length + if (len < (ll + 9)) return false; + l += data[l] + 1; // CipherSuitesLength - if (len<(l+2)) return false; - l += ntohs(*(uint16_t*)(data+l))+2; + if (len < (l + 2)) return false; + l += ntohs(*(uint16_t*)(data + l)) + 2; // CompressionMethodsLength - if (len<(l+1)) return false; - l += data[l]+1; + if (len < (l + 1)) return false; + l += data[l] + 1; // ExtensionsLength - if (len<(l+2)) return false; + if (len < (l + 2)) return false; - data+=l; len-=l; - l=ntohs(*(uint16_t*)data); - data+=2; len-=2; - if (l=4) + uint16_t ntype = htons(type); + while (l >= 4) { - uint16_t etype=*(uint16_t*)data; - size_t elen=ntohs(*(uint16_t*)(data+2)); - data+=4; l-=4; - if (l=len_host) slen=len_host-1; - for(size_t i=0;i= len_host) slen = len_host - 1; + for (size_t i = 0; i < slen; i++) host[i] = tolower(ext[i]); + host[slen] = 0; } return true; } + + +#define QUIC_MAX_CID_LENGTH 20 +/* Returns the QUIC draft version or 0 if not applicable. */ +static inline uint8_t quic_draft_version(uint32_t version) { + /* IETF Draft versions */ + if ((version >> 8) == 0xff0000) { + return (uint8_t)version; + } + /* Facebook mvfst, based on draft -22. */ + if (version == 0xfaceb001) { + return 22; + } + /* Facebook mvfst, based on draft -27. 
*/
+ if (version == 0xfaceb002 || version == 0xfaceb00e) {
+ return 27;
+ }
+ /* GQUIC Q050, T050 and T051: they are not really based on any drafts,
+ * but we must return a sensible value */
+ if (version == 0x51303530 ||
+ version == 0x54303530 ||
+ version == 0x54303531) {
+ return 27;
+ }
+ /* https://tools.ietf.org/html/draft-ietf-quic-transport-32#section-15
+ "Versions that follow the pattern 0x?a?a?a?a are reserved for use in
+ forcing version negotiation to be exercised"
+ It is tricky to return a correct draft version: such number is primarily
+ used to select a proper salt (which depends on the version itself), but
+ we don't have a real version here! Let's hope that we need to handle
+ only latest drafts... */
+ if ((version & 0x0F0F0F0F) == 0x0a0a0a0a) {
+ return 29;
+ }
+ /* QUIC (final?) constants for v1 are defined in draft-33, but draft-34 is the
+ final draft version */
+ if (version == 0x00000001) {
+ return 34;
+ }
+ /* QUIC Version 2 */
+ /* TODO: for the time being use 100 as a number for V2 and let see how v2 drafts evolve */
+ if (version == 0x709A50C4) {
+ return 100;
+ }
+ return 0;
+}
+bool IsQUICInitial(uint8_t *data, size_t len)
+{
+ // long header, fixed bit, type=initial
+ if (len < 512 || (data[0] & 0xF0) != 0xC0) return false;
+ uint8_t *p = data + 1;
+ uint32_t ver = ntohl(*(uint32_t*)p);
+ if (quic_draft_version(ver) < 11) return false;
+ p += 4;
+ if (!*p || *p > QUIC_MAX_CID_LENGTH) return false;
+ return true;
+}
diff --git a/nfq/protocol.h b/nfq/protocol.h
index 188afbc..423847e 100644
--- a/nfq/protocol.h
+++ b/nfq/protocol.h
@@ -9,3 +9,4 @@ bool HttpExtractHost(const uint8_t *data, size_t len, char *host, size_t len_hos
 bool IsTLSClientHello(const uint8_t *data, size_t len);
 bool TLSFindExt(const uint8_t *data, size_t len, uint16_t type, const uint8_t **ext, size_t *len_ext);
 bool TLSHelloExtractHost(const uint8_t *data, size_t len, char *host, size_t len_host);
+bool IsQUICInitial(uint8_t *data, size_t len);
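Review bot: In `IsQUICInitial`, `ntohl(*(uint32_t*)p)` loads a 32-bit word through a cast of `data + 1`, which is a misaligned access and a strict-aliasing violation on bytes taken straight from a network packet. That is undefined behaviour, and it is most likely to misbehave on strict-alignment CPUs such as the router targets the init.d/openwrt scripts suggest. Copy the bytes instead: `uint32_t ver; memcpy(&ver, data + 1, sizeof ver); ver = ntohl(ver);`. The function only reads its buffer, so the parameter should be `const uint8_t *data` here and in the prototype added in the protocol.h hunk, matching `IsTLSClientHello` and the other declarations there. The `len < 512` guard does cover the six bytes that are read.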