diff --git a/dist/linux/README.md b/dist/linux/README.md index 96db4d8..f211b46 100644 --- a/dist/linux/README.md +++ b/dist/linux/README.md @@ -9,16 +9,30 @@ sudo make install ## Systemd Service (optional) -Copy and enable the service: +You can configure the program to run as systemd service, user- or system-wide (only one at a time). + +### As user service: ```sh cp byedpi.service ~/.config/systemd/user/ -systemctl --user daemon-reload -systemctl --user enable byedpi.service -systemctl --user start byedpi.service +cp byedpi.conf ~/.config/ +systemctl --user enable --now byedpi.service ``` You should see the service now marked as "active": ```sh systemctl --user status byedpi.service ``` + +### As system service: + +```sh +sudo cp byedpi.service /etc/systemd/system/ +sudo cp byedpi.conf /etc/ +sudo systemctl enable --now byedpi.service +``` + +You should see the service now marked as "active": +```sh +systemctl status byedpi.service +``` diff --git a/dist/linux/byedpi.conf b/dist/linux/byedpi.conf new file mode 100644 index 0000000..e52e18a --- /dev/null +++ b/dist/linux/byedpi.conf @@ -0,0 +1,8 @@ +# More options and their descriptions can be found here: +# https://github.com/hufrea/byedpi/blob/main/README.md +# +# By default, ciadpi listens on all interfaces, +# a specific one can be specified via "--ip 127.0.0.1". + +# Put your options here +BYEDPI_OPTIONS="--split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s" diff --git a/dist/linux/byedpi.service b/dist/linux/byedpi.service index af986ae..7abe067 100644 --- a/dist/linux/byedpi.service +++ b/dist/linux/byedpi.service 
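Review bot: The default `BYEDPI_OPTIONS` shipped in byedpi.conf leaves the listener on all interfaces, which the file's own comment states is the default, so a system-wide install done as the README describes makes the proxy reachable from every network the host is attached to. Shipping the loopback bind that the comment already mentions, `BYEDPI_OPTIONS="--ip 127.0.0.1 --split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s"`, would make the packaged default safe and turn wider binding into an explicit choice. If listening on all interfaces is wanted for some deployments, the comment should say that access then has to be restricted by a firewall.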
@@ -1,14 +1,19 @@ [Unit] -Description=byedpi +Description=ByeDPI Documentation=https://github.com/hufrea/byedpi +Wants=network-online.target +After=network-online.target nss-lookup.target [Service] -ExecStart=ciadpi --split 1 --disorder 3+s --mod-http=h,d --auto=torst --tlsrec 1+s +NoNewPrivileges=yes +StandardOutput=null +StandardError=journal +EnvironmentFile=-/etc/byedpi.conf +EnvironmentFile=-%h/.config/byedpi.conf +ExecStart=ciadpi $BYEDPI_OPTIONS TimeoutStopSec=5s -LimitNOFILE=1048576 -LimitNPROC=512 PrivateTmp=true ProtectSystem=full [Install] -WantedBy=default.target \ No newline at end of file +WantedBy=default.target diff --git a/extend.c b/extend.c index 5f6db8b..d03c326 100644 --- a/extend.c +++ b/extend.c @@ -23,6 +23,8 @@ #include "desync.h" #include "packets.h" +#define KEY_SIZE sizeof(struct sockaddr_ina) + int set_timeout(int fd, unsigned int s) { 
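Review bot: The byedpi.service unit shown in this hunk has no `User=` line, so when it is copied to /etc/systemd/system as the README in this commit describes, ciadpi runs as root; `NoNewPrivileges=yes`, `PrivateTmp=true` and `ProtectSystem=full` narrow that but do not remove it. Because the same file is also installed as a user unit, the cleaner fix is probably a separate system unit that adds `DynamicUser=yes`; whether ciadpi needs a capability for transparent mode is not visible here and would have to be checked. Both `EnvironmentFile=` lines carry the `-` prefix, so with neither file present the service starts with an empty `$BYEDPI_OPTIONS` instead of failing, and in the system instance `%h` points at root's home. A comment in the unit stating that both behaviours are intended would help.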
@@ -45,33 +47,45 @@ int set_timeout(int fd, unsigned int s) } -int mode_add_get(struct sockaddr_ina *dst, int m) +static ssize_t serialize_addr(const struct sockaddr_ina *dst, + uint8_t *const out, const size_t out_len) +{ + #define serialize(raw, field, len, counter){ \ + const size_t size = sizeof(field); \ + if ((counter + size) <= len) { \ + memcpy(raw + counter, &(field), size); \ + counter += size; \ + } else return 0; \ + } + size_t c = 0; + serialize(out, dst->in.sin_port, out_len, c); + serialize(out, dst->sa.sa_family, out_len, c); + + if (dst->sa.sa_family == AF_INET) { + serialize(out, dst->in.sin_addr, out_len, c); + } else { + serialize(out, dst->in6.sin6_addr, out_len, c); + } + #undef serialize + + return c; +} + + +static int mode_add_get(struct sockaddr_ina *dst, int m) { // m < 0: get, m > 0: set, m == 0: delete assert(m >= -1 && m < params.dp_count); - struct { - uint16_t port; - union { - struct in_addr i4; - struct in6_addr i6; - }; - } key = { .port = dst->in.sin_port }; time_t t = 0; struct elem *val = 0; - int len = sizeof(dst->in.sin_port); - if (dst->sa.sa_family == AF_INET) { - len += sizeof(dst->in.sin_addr); - key.i4 = dst->in.sin_addr; - } - else { - len += sizeof(dst->in6.sin6_addr); - key.i6 = dst->in6.sin6_addr; - } + uint8_t key[KEY_SIZE] = { 0 }; + int len = serialize_addr(dst, key, sizeof(key)); + assert(len > 0); if (m < 0) { - val = mem_get(params.mempool, (char *)&key, len); + val = mem_get(params.mempool, (char *)key, len); if (!val) { return -1; } 
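Review bot: In mode_add_get the only guard on the serialized key length is `assert(len > 0);`, which disappears in an NDEBUG build, after which a zero-length key would be handed to mem_get, mem_add and mem_delete. serialize_addr signals a too-small buffer through a `return 0` hidden inside the `serialize` macro, so the failure path is easy to miss. An explicit `if (len <= 0) return -1;` in the caller, plus a one-line comment on the macro saying that it returns from the enclosing function, would make this robust. The final `else` in serialize_addr copies `sin6_addr` for every family other than AF_INET, which matches the removed code but deserves a comment. mode_add_get continues beyond this hunk.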
@@ -83,16 +97,17 @@ int mode_add_get(struct sockaddr_ina *dst, int m) return val->m; } INIT_ADDR_STR((*dst)); - + if (m == 0) { LOG(LOG_S, "delete ip: %s\n", ADDR_STR); - mem_delete(params.mempool, (char *)&key, len); + mem_delete(params.mempool, (char *)key, len); return 0; } else { LOG(LOG_S, "save ip: %s, m=%d\n", ADDR_STR, m); time(&t); - val = mem_add(params.mempool, (char *)&key, len); + + val = mem_add(params.mempool, (char *)key, len); if (!val) { uniperror("mem_add"); return -1; @@ -101,7 +116,6 @@ int mode_add_get(struct sockaddr_ina *dst, int m) val->time = t; return 0; } - } @@ -208,21 +222,24 @@ int on_torst(struct poolhd *pool, struct eval *val) for (; m < params.dp_count; m++) { struct desync_params *dp = ¶ms.dp[m]; if (!dp->detect) { - return -1; + m = 0; + break; } if (dp->detect & DETECT_TORST) { break; } } - if (m >= params.dp_count) { + if (m == 0) { + } + else if (m >= params.dp_count) { if (m > 1) mode_add_get( (struct sockaddr_ina *)&val->in6, 0); } - else if (can_reconn) + else if (can_reconn) { return reconnect(pool, val, m); - else - mode_add_get( - (struct sockaddr_ina *)&val->in6, m); + } + else mode_add_get( + (struct sockaddr_ina *)&val->in6, m); } struct linger l = { .l_onoff = 1 }; if (setsockopt(val->pair->fd, SOL_SOCKET, diff --git a/main.c b/main.c index 94afb8c..baf56df 100644 --- a/main.c +++ b/main.c @@ -23,7 +23,7 @@ #define close(fd) closesocket(fd) #endif -#define VERSION "14" +#define VERSION "14.1" char ip_option[1] = "\0"; @@ -479,6 +479,7 @@ int main(int argc, char **argv) long val = 0; char *end = 0; + bool all_limited = 1; struct desync_params *dp = add((void *)¶ms.dp, ¶ms.dp_count, sizeof(struct desync_params)); @@ -573,6 +574,9 @@ int main(int argc, char **argv) break; case 'A': + if (!(dp->hosts || dp->proto || dp->pf[0] || dp->detect)) { + all_limited = 0; + } dp = add((void *)¶ms.dp, ¶ms.dp_count, sizeof(struct desync_params)); if (!dp) { 
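Review bot: In the on_torst hunk the new `m = 0; break;` uses 0 as a sentinel that is consumed by the empty branch `if (m == 0) { }`, which reads like leftover code and hides a behaviour change. A group without `detect` used to end the function with `return -1`, and now control falls through to the linger `setsockopt` below. A comment inside the empty branch, for example `/* group without detect: no cache update, continue to the reset path below */`, or a named flag instead of reusing `m`, would make the intent reviewable. The initial value of `m` is set outside this hunk, so whether 0 can also be a legitimate index there cannot be confirmed from here. The return values of both mode_add_get calls are still ignored.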
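Review bot: `all_limited` is cleared only inside `case 'A'`, which inspects the group that is being closed, so the last group on the command line is never tested; the later main.c hunk at line 870 then replaces `if (dp->hosts || dp->proto || dp->pf[0])` with `if (all_limited)`. As a result, a command line whose final group is unrestricted, including one that never reaches `case 'A'`, still gets an extra empty group appended, which the old check avoided. If that is not intended, repeat the test once after the option loop: `if (!(dp->hosts || dp->proto || dp->pf[0] || dp->detect)) all_limited = 0;`. `bool all_limited = 1;` would also read better with `true`, assuming `<stdbool.h>` reaches main.c through params.h, which is not visible here.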
@@ -866,7 +870,7 @@ int main(int argc, char **argv) clear_params(); return -1; } - if (dp->hosts || dp->proto || dp->pf[0]) { + if (all_limited) { dp = add((void *)¶ms.dp, ¶ms.dp_count, sizeof(struct desync_params)); if (!dp) { diff --git a/params.h b/params.h index 02992f6..b4f4ba0 100644 --- a/params.h +++ b/params.h @@ -3,6 +3,7 @@ #include #include +#include #include "mpool.h" @@ -63,11 +64,11 @@ struct desync_params { int ttl; char *ip_options; ssize_t ip_options_len; - char md5sig; + bool md5sig; struct packet fake_data; int udp_fake_count; int fake_offset; - char drop_sack; + bool drop_sack; char oob_char[2]; int parts_n; @@ -90,23 +91,23 @@ struct params { int dp_count; struct desync_params *dp; long sfdelay; - char wait_send; + bool wait_send; int def_ttl; - char custom_ttl; + bool custom_ttl; - char tfo; + bool tfo; unsigned int timeout; int auto_level; long cache_ttl; - char ipv6; - char resolve; - char udp; + bool ipv6; + bool resolve; + bool udp; int max_open; int debug; size_t bfsize; struct sockaddr_in6 baddr; struct sockaddr_in6 laddr; - char transparent; + bool transparent; struct mphdr *mempool; char *protect_path; diff --git a/proxy.c b/proxy.c index b1c4698..eadfff6 100644 --- a/proxy.c +++ b/proxy.c @@ -35,6 +35,9 @@ #ifdef __linux__ /* For SO_ORIGINAL_DST only (which is 0x50) */ #include "linux/netfilter_ipv4.h" + #ifndef IP6T_SO_ORIGINAL_DST + #define IP6T_SO_ORIGINAL_DST SO_ORIGINAL_DST + #endif #endif #endif @@ -129,6 +132,7 @@ int resolve(char *host, int len, char rchar = host[len]; host[len] = '\0'; + LOG(LOG_S, "resolve: %s\n", host); if (getaddrinfo(host, 0, &hints, &res) || !res) { host[len] = rchar; 
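Review bot: The added `LOG(LOG_S, "resolve: %s\n", host);` in resolve writes the requested hostname to the log unfiltered. The format string is a literal, so this is not a format-string problem, but if `host` comes straight from the client request (the callers of resolve are outside this hunk) it can carry control characters or line breaks that garble or forge log lines. Consider logging it through a helper that replaces non-printable bytes, or at least add a comment that the value is untrusted. Every resolved destination name now also lands in the log at this level, which is worth a line in the README for users who forward the journal elsewhere.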
@@ -543,10 +547,14 @@ static inline int transp_conn(struct poolhd *pool, struct eval *val) { struct sockaddr_ina remote, self; socklen_t rlen = sizeof(remote), slen = sizeof(self); - if (getsockopt(val->fd, - IPPROTO_IP, SO_ORIGINAL_DST, &remote, &rlen) != 0) { - uniperror("getsockopt SO_ORIGINAL_DST"); - return -1; + if (getsockopt(val->fd, IPPROTO_IP, + SO_ORIGINAL_DST, &remote, &rlen) != 0) + { + if (getsockopt(val->fd, IPPROTO_IPV6, + IP6T_SO_ORIGINAL_DST, &remote, &rlen) != 0) { + uniperror("getsockopt SO_ORIGINAL_DST"); + return -1; + } } if (getsockname(val->fd, &self.sa, &slen) < 0) { uniperror("getsockname");
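Review bot: When both lookups in transp_conn fail, `uniperror("getsockopt SO_ORIGINAL_DST")` reports only the errno of the second, IPv6 attempt, so a failure on an IPv4 connection is logged with a misleading error. Either save errno after the first call and report that one when the socket is IPv4, or choose the level from the accepted socket's address family instead of trying both. It would also be worth checking `remote.sa.sa_family` and `rlen` after a successful call before the address is used, since the rest of the function presumably trusts them; that code is outside this hunk.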