diff --git a/nfq/darkmagic.c b/nfq/darkmagic.c
index 23e4868..14534ca 100644
--- a/nfq/darkmagic.c
+++ b/nfq/darkmagic.c
@@ -1837,6 +1837,7 @@ bool rawsend_queue(struct rawpacket_tailhead *q)
 uint8_t autottl_guess(uint8_t ttl, const autottl *attl)
 {
 	uint8_t orig, path, fake;
+	int d;
 
 	// 18.65.168.125 ( cloudfront ) 	255
 	// 157.254.246.178 			128
@@ -1853,11 +1854,13 @@ uint8_t autottl_guess(uint8_t ttl, const autottl *attl)
 
 	path = orig - ttl;
 
-	fake = path > attl->delta ? path - attl->delta : attl->min;
-	if (fake<attl->min) fake=attl->min;
-	else if (fake>attl->max) fake=attl->max;
+	d = (int)path + attl->delta;
+	if (d<attl->min) fake=attl->min;
+	else if (d>attl->max) fake=attl->max;
+	else fake=(uint8_t)d;
 
-	if (fake>=path) return 0;
+	if (attl->delta<0 && fake>=path || attl->delta>=0 && fake<path)
+		return 0;
 
 	return fake;
 }
diff --git a/nfq/darkmagic.h b/nfq/darkmagic.h
index 621ecd7..e60592d 100644
--- a/nfq/darkmagic.h
+++ b/nfq/darkmagic.h
@@ -258,9 +258,10 @@ void tcp_rewrite_winsize(struct tcphdr *tcp, uint16_t winsize, uint8_t scale_fac
 
 typedef struct
 {
-	uint8_t delta, min, max;
+	int8_t delta;
+	uint8_t min, max;
 } autottl;
-#define AUTOTTL_DEFAULT_DELTA 1
+#define AUTOTTL_DEFAULT_DELTA -1
 #define AUTOTTL_DEFAULT_MIN 3
 #define AUTOTTL_DEFAULT_MAX 20
 #define AUTOTTL_ENABLED(a) (!!(a).delta)
diff --git a/nfq/desync.c b/nfq/desync.c
index 56097bf..1fd2673 100644
--- a/nfq/desync.c
+++ b/nfq/desync.c
@@ -1461,6 +1461,8 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint
 				if (!replay)
 				{
 					maybe_cutoff(ctrack, IPPROTO_TCP);
+					if (orig_mod(dp,ctrack,dis)) // ttl can change !
+						verdict = VERDICT_MODIFY;
 					if (!process_desync_interval(dp, ctrack))
 					{
 						reasm_orig_cancel(ctrack);
@@ -2558,6 +2560,8 @@ static uint8_t dpi_desync_udp_packet_play(bool replay, size_t reasm_offset, uint
 				if (!replay)
 				{
 					maybe_cutoff(ctrack, IPPROTO_UDP);
+					if (orig_mod(dp,ctrack,dis)) // ttl can change !
+						verdict = VERDICT_MODIFY;
 					if (!process_desync_interval(dp, ctrack)) goto send_orig;
 				}
 			}
diff --git a/nfq/nfqws.c b/nfq/nfqws.c
index fde2d50..5fc3523 100644
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@@ -692,11 +692,18 @@ static void load_file_or_exit(const char *filename, void *buf, size_t *size)
 
 static bool parse_autottl(const char *s, autottl *t)
 {
+	bool neg=true;
 	unsigned int delta,min,max;
 	AUTOTTL_SET_DEFAULT(*t);
 	if (s)
 	{
 		max = t->max;
+		if (*s=='+')
+		{
+			neg=false;
+			s++;
+		} else if (*s=='-')
+			s++;
 		switch (sscanf(s,"%u:%u-%u",&delta,&min,&max))
 		{
 			case 3:
@@ -706,8 +713,8 @@ static bool parse_autottl(const char *s, autottl *t)
 				if ((delta && !min) || min>255 || min>max) return false;
 				t->min=(uint8_t)min;
 			case 1:
-				if (delta>255) return false;
-				t->delta=(uint8_t)delta;
+				if (delta>127) return false;
+				t->delta=(int8_t)(neg ? -delta : delta);
 				break;
 			default:
 				return false;
@@ -1475,7 +1482,7 @@ static void exithelp(void)
 #endif
 		" --dpi-desync-ttl=<int>\t\t\t\t; set ttl for fakes packets\n"
 		" --dpi-desync-ttl6=<int>\t\t\t; set ipv6 hop limit for fake packet. by default --dpi-desync-ttl value is used.\n"
-		" --dpi-desync-autottl=[<delta>[:<min>[-<max>]]]\t; auto ttl mode for both ipv4 and ipv6. default: %u:%u-%u\n"
+		" --dpi-desync-autottl=[<delta>[:<min>[-<max>]]]\t; auto ttl mode for both ipv4 and ipv6. default: %d:%u-%u\n"
 		" --dpi-desync-autottl6=[<delta>[:<min>[-<max>]]] ; overrides --dpi-desync-autottl for ipv6 only\n"
 		" --dpi-desync-fooling=<mode>[,<mode>]\t\t; can use multiple comma separated values. modes : none md5sig badseq badsum datanoack hopbyhop hopbyhop2\n"
 		" --dpi-desync-repeats=<N>\t\t\t; send every desync packet N times\n"
@@ -2783,9 +2790,9 @@ int main(int argc, char **argv)
 		if (dp->orig_mod_ttl6 == 0xFF) dp->orig_mod_ttl6=dp->orig_mod_ttl;
 		if (!AUTOTTL_ENABLED(dp->desync_autottl6)) dp->desync_autottl6 = dp->desync_autottl;
 		if (AUTOTTL_ENABLED(dp->desync_autottl))
-			DLOG("profile %d autottl ipv4 %u:%u-%u\n",dp->n,dp->desync_autottl.delta,dp->desync_autottl.min,dp->desync_autottl.max);
+			DLOG("profile %d autottl ipv4 %d:%u-%u\n",dp->n,dp->desync_autottl.delta,dp->desync_autottl.min,dp->desync_autottl.max);
 		if (AUTOTTL_ENABLED(dp->desync_autottl6))
-			DLOG("profile %d autottl ipv6 %u:%u-%u\n",dp->n,dp->desync_autottl6.delta,dp->desync_autottl6.min,dp->desync_autottl6.max);
+			DLOG("profile %d autottl ipv6 %d:%u-%u\n",dp->n,dp->desync_autottl6.delta,dp->desync_autottl6.min,dp->desync_autottl6.max);
 		split_compat(dp);
 		if (!dp_fake_defaults(dp))
 		{
