diff --git a/Makefile b/Makefile index 83dc2b2..63507d8 100644 --- a/Makefile +++ b/Makefile @@ -9,9 +9,9 @@ TARGET = goodbyedpi.exe LIBS = -L$(WINDIVERTLIBS) -lWinDivert -lws2_32 CC = $(CPREFIX)gcc CCWINDRES = $(CPREFIX)windres -CFLAGS = -Wall -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \ +CFLAGS = -Wall -Wextra -I$(WINDIVERTHEADERS) -L$(WINDIVERTLIBS) \ -O2 -pie -fPIE -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -LDFLAGS = -pie +LDFLAGS = -Wl,-O1,--sort-common,--as-needed .PHONY: default all clean @@ -30,7 +30,7 @@ manifest: .PRECIOUS: $(TARGET) $(OBJECTS) $(TARGET): $(OBJECTS) - $(CC) $(OBJECTS) -Wall $(LIBS) -s -o $@ + $(CC) $(OBJECTS) -Wall $(LDFLAGS) $(LIBS) -s -o $@ clean: -rm -f *.o diff --git a/dnsredir.c b/dnsredir.c index 5e5e34e..40199aa 100644 --- a/dnsredir.c +++ b/dnsredir.c @@ -141,6 +141,8 @@ void dns_cleanup() { } int dns_is_dns_packet(const char *packet_data, const UINT packet_dataLen, const int outgoing) { + if (packet_dataLen < 16) return FALSE; + if (outgoing && (ntohs(*(const uint16_t*)(packet_data + 2)) & 0xFA00) == 0 && (ntohs(*(const uint32_t*)(packet_data + 6))) == 0) { return TRUE; @@ -171,7 +173,6 @@ int dns_handle_outgoing(const uint32_t srcip, const uint16_t srcport, } int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport, - const uint32_t dstip, const uint16_t dstport, const char *packet_data, const UINT packet_dataLen, conntrack_info_t *conn_info) { diff --git a/dnsredir.h b/dnsredir.h index 6f60437..7f0b8d8 100644 --- a/dnsredir.h +++ b/dnsredir.h @@ -8,7 +8,6 @@ typedef struct conntrack_info { } conntrack_info_t; int dns_handle_incoming(const uint32_t srcip, const uint16_t srcport, - const uint32_t dstip, const uint16_t dstport, const char *packet_data, const UINT packet_dataLen, conntrack_info_t *conn_info); diff --git a/goodbyedpi.c b/goodbyedpi.c index 02086b9..95e17fd 100644 --- a/goodbyedpi.c +++ b/goodbyedpi.c 
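Review bot: `-pie` is dropped from LDFLAGS in the same commit that starts passing `$(LDFLAGS)` to the link rule (second Makefile hunk), so the final `$(CC) $(OBJECTS) ...` link never receives it. As far as these hunks show, the `-pie -fPIE` left in CFLAGS is used only when compiling. If a relocatable, ASLR-capable image is intended, keep the flag where the linker sees it, e.g. `LDFLAGS = -pie -Wl,-O1,--sort-common,--as-needed`. If the toolchain does not already default to them, `-Wl,--dynamicbase,--nxcompat` is worth adding as well, then checking the DLL characteristics of the built executable. A one-line comment above LDFLAGS naming the hardening flags that are deliberate would keep a later cleanup from removing them.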
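Review bot: The constant 16 in the new guard `if (packet_dataLen < 16) return FALSE;` is unexplained. The two loads visible right below it touch only bytes 2 to 9 of `packet_data`, so a reader cannot tell what the extra margin is meant to cover. A named constant or a comment such as `/* 12-byte DNS header + smallest question; TODO confirm */` would record the intent and make it harder to lower the bound by accident. The body of dns_is_dns_packet continues outside the hunk, so whether the non-outgoing branch reads past this bound cannot be checked from here.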
@@ -137,7 +137,7 @@ static void deinit_all() { } } -static void sigint_handler(int sig) { +static void sigint_handler(int sig __attribute__((unused))) { deinit_all(); exit(EXIT_SUCCESS); } @@ -208,7 +208,7 @@ static void change_window_size(const char *pkt, int size) { /* HTTP method end without trailing space */ static PVOID find_http_method_end(const char *pkt, int offset) { - int i; + unsigned int i; for (i = 0; i<(sizeof(http_methods) / sizeof(*http_methods)); i++) { if (memcmp(pkt, http_methods[i], strlen(http_methods[i])) == 0) { return (char*)pkt + strlen(http_methods[i]) - 1; @@ -285,6 +285,7 @@ int main(int argc, char *argv[]) { do_passivedpi = do_host = do_host_removespace \ = do_fragment_https = 1; https_fragment_size = 40; + break; case '4': do_passivedpi = do_host = do_host_removespace = 1; break; @@ -354,7 +355,7 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } dns_port = atoi(optarg); - if (dns_port <= 0 || dns_port > 65535) { + if (atoi(optarg) <= 0 || atoi(optarg) > 65535) { printf("DNS port parameter error!\n"); exit(EXIT_FAILURE); } @@ -584,7 +585,6 @@ int main(int argc, char *argv[]) { if (addr.Direction == WINDIVERT_DIRECTION_INBOUND) { if (dns_handle_incoming(ppIpHdr->DstAddr, ppUdpHdr->DstPort, - ppIpHdr->SrcAddr, ppUdpHdr->SrcPort, packet_data, packet_dataLen, &dns_conn_info)) {
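Review bot: `memcmp(pkt, http_methods[i], strlen(http_methods[i]))` in find_http_method_end compares a full method name against `pkt`, but the function receives no packet length. Nothing in the visible lines keeps the compare inside a short payload. The caller and the rest of the body are outside the hunk, so the bound may be enforced there. If it is not, the remaining payload length should be passed in and methods longer than it skipped. Separately, since the loop bound is a `sizeof` quotient, `size_t i;` would match its type more closely than `unsigned int i;`.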
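Review bot: The DNS port check now calls `atoi(optarg)` three times and still accepts input such as `53abc`, because `atoi` reports no conversion errors and has undefined behaviour when the value is out of range. The old comparison on `dns_port` was presumably dropped to silence a `-Wextra` type-limits warning, but the declaration of `dns_port` is outside the hunk, so that is an inference. Parsing once with `strtol` into a `long`, rejecting trailing characters, and assigning only after the range check keeps the warning away and makes the validation real. This needs `<errno.h>` if the file does not already include it.

```c
// … unchanged: preceding checks for this option …
char *port_end = NULL;
errno = 0;
long port = strtol(optarg, &port_end, 10);
if (errno != 0 || port_end == optarg || *port_end != '\0' ||
    port <= 0 || port > 65535) {
    printf("DNS port parameter error!\n");
    exit(EXIT_FAILURE);
}
dns_port = port; /* range-checked above; declared type is outside this hunk */
```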