diff --git a/binaries/aarch64/nfqws b/binaries/aarch64/nfqws
index 1f8af9c2..b527bdc6 100755
Binary files a/binaries/aarch64/nfqws and b/binaries/aarch64/nfqws differ
diff --git a/binaries/arm/nfqws b/binaries/arm/nfqws
index a7390a11..6d7964b8 100755
Binary files a/binaries/arm/nfqws and b/binaries/arm/nfqws differ
diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws
index c1c6126a..60c17aad 100755
Binary files a/binaries/freebsd-x64/dvtws and b/binaries/freebsd-x64/dvtws differ
diff --git a/binaries/mips32r1-lsb/nfqws b/binaries/mips32r1-lsb/nfqws
index b0a1a03b..2a085bbc 100755
Binary files a/binaries/mips32r1-lsb/nfqws and b/binaries/mips32r1-lsb/nfqws differ
diff --git a/binaries/mips32r1-msb/nfqws b/binaries/mips32r1-msb/nfqws
index 5756e0e6..cb9ee6af 100755
Binary files a/binaries/mips32r1-msb/nfqws and b/binaries/mips32r1-msb/nfqws differ
diff --git a/binaries/mips64r2-msb/nfqws b/binaries/mips64r2-msb/nfqws
index f6b6c9c3..c440c943 100755
Binary files a/binaries/mips64r2-msb/nfqws and b/binaries/mips64r2-msb/nfqws differ
diff --git a/binaries/ppc/nfqws b/binaries/ppc/nfqws
index 7577e83b..da2b4873 100755
Binary files a/binaries/ppc/nfqws and b/binaries/ppc/nfqws differ
diff --git a/binaries/win64/winws.exe b/binaries/win64/winws.exe
index a1f205d4..8ba87a4a 100644
Binary files a/binaries/win64/winws.exe and b/binaries/win64/winws.exe differ
diff --git a/binaries/win64/zapret-winws/winws.exe b/binaries/win64/zapret-winws/winws.exe
index a1f205d4..8ba87a4a 100644
Binary files a/binaries/win64/zapret-winws/winws.exe and b/binaries/win64/zapret-winws/winws.exe differ
diff --git a/binaries/x86/nfqws b/binaries/x86/nfqws
index ba0ff0e0..49469c47 100755
Binary files a/binaries/x86/nfqws and b/binaries/x86/nfqws differ
diff --git a/binaries/x86_64/nfqws b/binaries/x86_64/nfqws
index 296b575e..118a802b 100755
Binary files a/binaries/x86_64/nfqws and b/binaries/x86_64/nfqws differ
diff --git a/nfq/desync.c b/nfq/desync.c index acc3b420..df13ab5a 100644 --- a/nfq/desync.c +++ b/nfq/desync.c @@ -921,9 +921,6 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint } } - reasm_orig_cancel(ctrack); - rdata_payload=NULL; - if (ctrack && ctrack->req_seq_finalized) { uint32_t dseq = ctrack->seq_last - ctrack->req_seq_end; @@ -943,13 +940,18 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint if (!ctrack_replay->hostname) { DLOG_ERR("hostname dup : out of memory"); + reasm_orig_cancel(ctrack); return verdict; } DLOG("we have hostname now. searching desync profile again.\n"); struct desync_profile *dp_prev = dp; dp = ctrack_replay->dp = dp_find(¶ms.desync_profiles, !!ip6hdr, ntohs(bReverse ? tcphdr->th_sport : tcphdr->th_dport), 0, ctrack_replay->hostname, &ctrack_replay->bCheckDone, &ctrack_replay->bCheckResult, &ctrack_replay->bCheckExcluded); ctrack_replay->dp_search_complete = true; - if (!dp) return verdict; + if (!dp) + { + reasm_orig_cancel(ctrack); + return verdict; + } if (dp!=dp_prev) { DLOG("desync profile changed by revealed hostname !\n"); @@ -957,7 +959,11 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint if (!replay) { maybe_cutoff(ctrack, IPPROTO_TCP); - if (!process_desync_interval(dp, ctrack)) return verdict; + if (!process_desync_interval(dp, ctrack)) + { + reasm_orig_cancel(ctrack); + return verdict; + } } } } @@ -980,17 +986,12 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint ctrack_stop_retrans_counter(ctrack_replay); } DLOG("not applying tampering to this request\n"); + reasm_orig_cancel(ctrack); return verdict; } } } - if (l7proto==UNKNOWN) - { - if (!dp->desync_any_proto) return verdict; - DLOG("applying tampering to unknown protocol\n"); - } - // desync profile may have changed after hostname was revealed switch(l7proto) { 
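Review bot: The release `reasm_orig_cancel(ctrack);` is now hand-copied in front of four early returns: the "hostname dup : out of memory" return and the `if (!dp)` return in the hunk at -940, the `process_desync_interval` return in the hunk at -957, and the "not applying tampering to this request" return in the hunk at -980. Every return between the old release point and the new one has to remember this call, and a return in that stretch that these hunks do not show, or one added later, would leave the reassembly buffer attached to the connection. That cannot be verified from here, because dpi_desync_tcp_packet_play starts and ends outside the hunks. A single exit label removes the repetition: turn each of these returns into `goto cancel_reasm;` and place `cancel_reasm: reasm_orig_cancel(ctrack); return verdict;` once at the end of the function.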
@@ -1010,8 +1011,18 @@ static uint8_t dpi_desync_tcp_packet_play(bool replay, size_t reasm_offset, uint split_pos=dp->desync_split_pos; break; } - ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig)); + // we do not need reasm buffer anymore + reasm_orig_cancel(ctrack); + rdata_payload=NULL; + + if (l7proto==UNKNOWN) + { + if (!dp->desync_any_proto) return verdict; + DLOG("applying tampering to unknown protocol\n"); + } + + ttl_fake = (ctrack_replay && ctrack_replay->autottl) ? ctrack_replay->autottl : (ip6hdr ? (dp->desync_ttl6 ? dp->desync_ttl6 : ttl_orig) : (dp->desync_ttl ? dp->desync_ttl : ttl_orig)); if (bIsHttp && (dp->hostcase || dp->hostnospace || dp->domcase) && (phost = (uint8_t*)memmem(data_payload, len_payload, "\r\nHost: ", 8))) {
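Review bot: The added comment `// we do not need reasm buffer anymore` does not say which code above this point still needs the buffer, yet that is the whole reason the release moved down from its old position near line 921. Without that, a later cleanup could hoist `reasm_orig_cancel(ctrack)` back up and reintroduce a read through `rdata_payload` after the buffer is released, which is presumably what this commit fixes. I would name the last reader in the comment, for example `// last use of rdata_payload is in the l7proto switch above; release the reasm buffer only after it`, after confirming this against the switch body, which lies outside this hunk. Clearing `rdata_payload=NULL` directly after the release is a good guard and should stay adjacent to the call.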