diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c
index a4c883c..2ca6d5a 100644
--- a/nfq2/darkmagic.c
+++ b/nfq2/darkmagic.c
@@ -373,28 +373,28 @@ void print_icmphdr(const struct icmp46 *icmp, bool v6)
 
 bool proto_check_ipv4(const uint8_t *data, size_t len)
 {
-	return 	len >= sizeof(struct ip) && (data[0] & 0xF0) == 0x40 && (data[0] & 0x0F)>=5 &&
-		len >= ((data[0] & 0x0F) << 2);
+	if (len < sizeof(struct ip)) return false;
+	uint8_t off = ((struct ip*)data)->ip_hl << 2;
+	return off>=sizeof(struct ip) && len>=off;
 }
 // move to transport protocol
 void proto_skip_ipv4(const uint8_t **data, size_t *len)
 {
-	size_t l;
-
-	l = (**data & 0x0F) << 2;
-	*data += l;
-	*len -= l;
+	uint8_t off = ((struct ip*)*data)->ip_hl << 2;
+	*data += off;
+	*len -= off;
 }
 bool proto_check_tcp(const uint8_t *data, size_t len)
 {
-	return len >= sizeof(struct tcphdr) && len >= ((data[12] & 0xF0) >> 2);
+	if (len < sizeof(struct tcphdr)) return false;
+	uint8_t off = ((struct tcphdr*)data)->th_off << 2;
+	return off>=sizeof(struct tcphdr) && len>=off;
 }
 void proto_skip_tcp(const uint8_t **data, size_t *len)
 {
-	size_t l;
-	l = ((*data)[12] & 0xF0) >> 2;
-	*data += l;
-	*len -= l;
+	uint8_t off = ((struct tcphdr*)*data)->th_off << 2;
+	*data += off;
+	*len -= off;
 }
 bool proto_check_udp(const uint8_t *data, size_t len)
 {
diff --git a/nfq2/helpers.c b/nfq2/helpers.c
index 43c5f8e..09efd40 100644
--- a/nfq2/helpers.c
+++ b/nfq2/helpers.c
@@ -61,25 +61,27 @@ void replace_char(char *s, char from, char to)
 	for(;*s;s++) if (*s==from) *s=to;
 }
 
-char *strncasestr(const char *s, const char *find, size_t slen)
+const char *strncasestr(const char *s, const char *find, size_t slen)
 {
 	char c, sc;
 	size_t len;
 
-	if ((c = *find++) != '\0')
+	if ((c = *find++))
 	{
 		len = strlen(find);
 		do
 		{
 			do
 			{
-				if (slen-- < 1 || (sc = *s++) == '\0') return NULL;
-			} while (toupper(c) != toupper(sc));
+				if (!slen) return NULL;
+				slen--;
+				sc = *s++;
+			} while (toupper((unsigned char)c) != toupper((unsigned char)sc));
 			if (len > slen)	return NULL;
-		} while (strncasecmp(s, find, len) != 0);
+		} while (strncasecmp(s, find, len));
 		s--;
 	}
-	return (char *)s;
+	return s;
 }
 
 static inline bool is_letter(char c)
diff --git a/nfq2/helpers.h b/nfq2/helpers.h
index ad0841d..1f622af 100644
--- a/nfq2/helpers.h
+++ b/nfq2/helpers.h
@@ -29,7 +29,7 @@ void qsort_ssize_t(ssize_t *array, int ct);
 int str_index(const char **strs, int count, const char *str);
 void rtrim(char *s);
 void replace_char(char *s, char from, char to);
-char *strncasestr(const char *s,const char *find, size_t slen);
+const char *strncasestr(const char *s,const char *find, size_t slen);
 // [a-zA-z][a-zA-Z0-9]*
 bool is_identifier(const char *p);
 
diff --git a/nfq2/hostlist.c b/nfq2/hostlist.c
index fcc71da..24829f3 100644
--- a/nfq2/hostlist.c
+++ b/nfq2/hostlist.c
@@ -18,7 +18,7 @@ static bool addpool(hostlist_pool **hostlist, char **s, const char *end, int *ct
 			p = ++(*s);
 			flags |= HOSTLIST_POOL_FLAG_STRICT_MATCH;
 		}
-		for (; p<end && *p && *p!=' ' && *p!='\t' && *p!='\r' && *p != '\n'; p++) *p=tolower(*p);
+		for (; p<end && *p && *p!=' ' && *p!='\t' && *p!='\r' && *p != '\n'; p++) *p=tolower((unsigned char)*p);
 		if (!HostlistPoolAddStrLen(hostlist, *s, p-*s, flags))
 		{
 			HostlistPoolDestroy(hostlist);
diff --git a/nfq2/nfqws.c b/nfq2/nfqws.c
index d9952ff..0ed6482 100644
--- a/nfq2/nfqws.c
+++ b/nfq2/nfqws.c
@@ -1003,13 +1003,13 @@ static struct blob_item *load_const_blob_to_collection(const char *name, const v
 
 
 
-static bool parse_uid(const char *opt, uid_t *uid, gid_t *gid, int *gid_count, int max_gids)
+static bool parse_uid(char *opt, uid_t *uid, gid_t *gid, int *gid_count, int max_gids)
 {
 	unsigned int u;
 	char c, *p, *e;
 
 	*gid_count = 0;
-	if ((e = strchr(optarg, ':'))) *e++ = 0;
+	if ((e = strchr(opt, ':'))) *e++ = 0;
 	if (sscanf(opt, "%u", &u) != 1) return false;
 	*uid = (uid_t)u;
 	for (p = e; p; )