diff --git a/nfq2/Makefile b/nfq2/Makefile
index 246c166..4420c24 100644
--- a/nfq2/Makefile
+++ b/nfq2/Makefile
@@ -6,6 +6,7 @@ CFLAGS_LINUX = -Wno-alloc-size-larger-than
 CFLAGS_SYSTEMD = -DUSE_SYSTEMD
 CFLAGS_BSD = -Wno-address-of-packed-member
 CFLAGS_CYGWIN = -Wno-address-of-packed-member -static
+CFLAGS_UBSAN = -fsanitize=undefined,alignment -fno-sanitize-recover=undefined,alignment
 LDFLAGS_ANDROID = -llog
 LIBS =
 LIBS_LINUX = -lz -lnetfilter_queue -lnfnetlink -lmnl -lm
@@ -135,6 +136,9 @@ all: nfqws2
 nfqws2: $(SRC_FILES)
 	$(CC) -s $(CFLAGS) $(LUA_CFL) $(CFLAGS_LINUX) -o nfqws2 $(SRC_FILES) $(LIBS) $(LUA_LIB) $(LIBS_LINUX) $(LDFLAGS)
 
+ubsan: $(SRC_FILES)
+	$(CC) $(CFLAGS_UBSAN) $(CFLAGS) $(LUA_CFL) $(CFLAGS_LINUX) -o nfqws2 $(SRC_FILES) $(LIBS) $(LUA_LIB) $(LIBS_LINUX) $(LDFLAGS)
+
 systemd: $(SRC_FILES)
 	$(CC) -s $(CFLAGS) $(LUA_CFL) $(CFLAGS_LINUX) $(CFLAGS_SYSTEMD) -o nfqws2 $(SRC_FILES) $(LIBS) $(LUA_LIB) $(LIBS_LINUX) $(LIBS_SYSTEMD) $(LDFLAGS)
 
diff --git a/nfq2/desync.c b/nfq2/desync.c
index 836fc5d..8153ae4 100644
--- a/nfq2/desync.c
+++ b/nfq2/desync.c
@@ -2030,7 +2030,7 @@ static uint8_t dpi_desync_ip_packet(
 	if (!!dis->ip == !!dis->ip6) return verdict;
 
 	struct sockaddr_storage src, dst;
-	const char *ssid;
+	const char *ssid = NULL;
 	struct desync_profile *dp;
 
 	extract_endpoints(dis->ip, dis->ip6, NULL, NULL, &src, &dst);
@@ -2129,6 +2129,8 @@ static uint8_t dpi_desync_packet_play(
 			verdict = dpi_desync_ip_packet(fwmark, ifin, ifout, &dis, mod_pkt, len_mod_pkt);
 		}
 	}
+	else
+		DLOG("invalid packet - neither ipv4 or ipv6\n");
 	return verdict;
 }
 uint8_t dpi_desync_packet(uint32_t fwmark, const char *ifin, const char *ifout, const uint8_t *data_pkt, size_t len_pkt, uint8_t *mod_pkt, size_t *len_mod_pkt)
diff --git a/nfq2/helpers.c b/nfq2/helpers.c
index cfb085c..50a4e40 100644
--- a/nfq2/helpers.c
+++ b/nfq2/helpers.c
@@ -456,7 +456,10 @@ bool file_open_test(const char *filename, int flags)
 void fill_random_bytes(uint8_t *p,size_t sz)
 {
 	size_t k;
-	for (k=0 ; (k+1)<sz ; k+=2) phton16(p+k, (uint16_t)random());
+	// alignment
+	if ((size_t)p & 1) { *p=(uint8_t)random(); sz--; p++; }
+	// random has only 31 bits of entropy. not 32 bits
+	for (k=0 ; (k+1)<sz ; k+=2) *(uint16_t*)(p+k) = (uint16_t)random();
 	if (sz & 1) p[sz-1]=(uint8_t)random();
 }
 void fill_random_az(uint8_t *p,size_t sz)
diff --git a/nfq2/nfqws.c b/nfq2/nfqws.c
index 058b405..996a913 100644
--- a/nfq2/nfqws.c
+++ b/nfq2/nfqws.c
@@ -156,6 +156,37 @@ static uint8_t processPacketData(uint32_t *mark, const char *ifin, const char *i
 	return dpi_desync_packet(*mark, ifin, ifout, data_pkt, len_pkt, mod_pkt, len_mod_pkt);
 }
 
+static void fuzzPacketData(unsigned int count)
+{
+	uint8_t packet[RECONSTRUCT_MAX_SIZE],mod[RECONSTRUCT_MAX_SIZE];
+	size_t len, modlen;
+	unsigned int k;
+	uint32_t mark=0;
+	uint8_t verdict;
+
+	for(k=0;k<count;k++)
+	{
+		if (bQuit) break;
+		if (!(k%1000)) DLOG_CONDUP("fuzz ct=%u\n",k);
+		len = random()%sizeof(packet);
+		fill_random_bytes(packet,len);
+		if (len)
+		{
+			// simulate ipv4 or ipv6 and invalid packet with low probability
+			*packet = *packet ? (*packet & 1) ? 0x40 : 0x60 | (*packet & 0x0F) : (uint8_t)random();
+		}
+		modlen = sizeof(mod);
+		verdict = processPacketData(&mark,random()%1 ? "ifin" : NULL,random()%1 ? "ifout" : NULL,packet,len,mod,&modlen);
+	}
+}
+static void do_fuzz(void)
+{
+	if (params.fuzz)
+	{
+		DLOG_CONDUP("fuzz packet data count=%u\n",params.fuzz);
+		fuzzPacketData(params.fuzz);
+	}
+}
 
 static bool test_list_files()
 {
@@ -381,9 +412,11 @@ static int nfq_main(void)
 	if (!lua_init())
 		goto err;
 
+	do_fuzz();
+
 	if (!params.intercept)
 	{
-		DLOG("no intercept quit\n");
+		DLOG_CONDUP("no intercept quit\n");
 		goto exok;
 	}
 
@@ -548,6 +581,8 @@ static int dvt_main(void)
 	if (!lua_init())
 		goto exiterr;
 
+	do_fuzz();
+
 	if (!params.intercept)
 	{
 		DLOG("no intercept quit\n");
@@ -737,6 +772,8 @@ static int win_main()
 			res=ERROR_INVALID_PARAMETER; goto ex;
 		}
 
+		do_fuzz();
+
 		if (!params.intercept)
 		{
 			DLOG("no intercept quit\n");
@@ -1783,6 +1820,7 @@ enum opt_indices {
 	IDX_DEBUG,
 	IDX_DRY_RUN,
 	IDX_INTERCEPT,
+	IDX_FUZZ,
 	IDX_VERSION,
 	IDX_COMMENT,
 #ifdef __linux__
@@ -1886,6 +1924,7 @@ static const struct option long_options[] = {
 	[IDX_DEBUG] = {"debug", optional_argument, 0, 0},
 	[IDX_DRY_RUN] = {"dry-run", no_argument, 0, 0},
 	[IDX_INTERCEPT] = {"intercept", optional_argument, 0, 0},
+	[IDX_FUZZ] = {"fuzz", required_argument, 0, 0},
 	[IDX_VERSION] = {"version", no_argument, 0, 0},
 	[IDX_COMMENT] = {"comment", optional_argument, 0, 0},
 #ifdef __linux__
@@ -2161,6 +2200,10 @@ int main(int argc, char **argv)
 		case IDX_INTERCEPT:
 			params.intercept = !optarg || atoi(optarg);
 			break;
+		case IDX_FUZZ:
+			params.fuzz = atoi(optarg);
+			params.intercept = false;
+			break;
 		case IDX_VERSION:
 			exit_clean(0);
 			break;
diff --git a/nfq2/params.h b/nfq2/params.h
index 81c3776..8b449ff 100644
--- a/nfq2/params.h
+++ b/nfq2/params.h
@@ -133,6 +133,7 @@ struct params_s
 	bool debug;
 
 	bool daemon, intercept;
+	unsigned int fuzz;
 
 #ifdef __linux__
 	int qnum;