diff --git a/net/core/filter.c b/net/core/filter.c
index cd3524cb3..3b7ceef41 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2191,6 +2191,13 @@ static int __bpf_redirect_common(struct sk_buff *skb, struct net_device *dev,
 		return -ERANGE;
 	}
 
+	if (unlikely(skb->len < dev->min_header_len ||
+		     skb_mac_header_len(skb) < dev->min_header_len ||
+		     skb_mac_header_len(skb) > dev->hard_header_len)) {
+		kfree_skb(skb);
+		return -ERANGE;
+	}
+
 	bpf_push_mac_rcsum(skb);
 	return flags & BPF_F_INGRESS ?
 	       __bpf_rx_skb(dev, skb) : __bpf_tx_skb(dev, skb);
@@ -2472,6 +2479,10 @@ BPF_CALL_3(bpf_clone_redirect, struct sk_buff *, skb, u32, ifindex, u64, flags)
 		return -ENOMEM;
 	}
 
+	pr_info("DANIEL DEBUG: min %d max %d len %d", dev->min_header_len, dev->hard_header_len, skb->len);
+	pr_info("DANIEL DEBUG: mac len %d mac header %p", skb_mac_header_len(skb), skb_mac_header(skb));
+	pr_info("DANIEL DEBUG: network len %d network header %p", skb_network_header_len(skb), skb_network_header(skb));
+
 	return __bpf_redirect(clone, dev, flags);
 }