diff --git a/net/core/filter.c b/net/core/filter.c
index cd3524cb3..13d0edec1 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -17,6 +17,7 @@
  * Kris Katterjohn - Added many additional checks in bpf_check_classic()
  */
 
+#include "linux/printk.h"
 #include <linux/atomic.h>
 #include <linux/bpf_verifier.h>
 #include <linux/module.h>
@@ -2466,12 +2467,21 @@ BPF_CALL_3(bpf_clone_redirect, struct sk_buff *, skb, u32, ifindex, u64, flags)
 	 * here, we need to free the just generated clone to unclone once
 	 * again.
 	 */
-	ret = bpf_try_make_head_writable(skb);
+	ret = bpf_try_make_head_writable(skb);	
 	if (unlikely(ret)) {
 		kfree_skb(clone);
 		return -ENOMEM;
 	}
 
+	pr_alert("DANIEL DEBUG: min %d max %d pkt %d", dev->min_header_len, dev->hard_header_len, skb_headlen(skb));
+
+	int header_len = skb_headlen(skb);
+	if (unlikely(header_len < dev->min_header_len ||
+		     header_len > dev->hard_header_len)) {
+		kfree_skb(clone);
+		return -EINVAL;
+	}
+
 	return __bpf_redirect(clone, dev, flags);
 }