diff -uNr -r 2.6.1.1-orig/src/decode.c 2.6.1.1/src/decode.c
--- 2.6.1.1-orig/src/decode.c 2006-10-13 19:40:41.000000000 +0200
+++ 2.6.1.1/src/decode.c 2007-01-14 00:35:03.000000000 +0100
@@ -2346,7 +2346,13 @@
 * since p->iph will be pointing to this inner IP */
 if (p->greh != NULL)
+ {
 p->ip_options_data = NULL;
+ p->ip_options_len = 0;
+ memset(&(p->ip_options[0]), 0, sizeof(p->ip_options));
+ p->ip_lastopt_bad = 0;
+ }
+
 #endif
 p->ip_option_count = 0;
@@ -2642,7 +2648,7 @@
 u_int16_t uhlen;
 struct pseudoheader ph;
- if(len < sizeof(UDPHdr))
+ if(len < GRE_HEADER_LEN)
 {
 if(pv.verbose_flag)
 {
@@ -3566,9 +3572,7 @@
 }
 }
- payload_len = len - hlen;
-
- if (payload_len < 0)
+ if (hlen > len)
 {
 if(pv.verbose_flag)
 ErrorMessage("GRE header length > rest of packet length");
@@ -3589,6 +3593,8 @@
 return;
 }
+ payload_len = len - hlen;
+
 /* send to next protocol decoder */
 /* As described in RFC 2784 the possible protocols are listed in
 * RFC 1700 under "ETHER TYPES"
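Review bot: In the `@@ -2346` hunk the stale option state (`ip_options_len`, the `ip_options` array, `ip_lastopt_bad`) is cleared only when `p->greh != NULL` and only inside the preprocessor conditional closed by the `#endif`, while `p->ip_option_count = 0;` below it is reset unconditionally. If this decoder can be re-entered for an inner IP header by any path other than GRE, the outer header's option data would presumably still be visible to later option checks; the enclosing function starts and ends outside the hunk, so this needs confirming against the callers. A short comment would make the intent explicit, for example `/* drop option state parsed from the outer IP header before decoding the inner one */`, and the memset reads more simply as `memset(p->ip_options, 0, sizeof(p->ip_options));`.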
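Review bot: The `@@ -2642` hunk replaces `if(len < sizeof(UDPHdr))` with `if(len < GRE_HEADER_LEN)`, but the context lines (`u_int16_t uhlen;`, `struct pseudoheader ph;`) suggest this is the UDP decoder rather than the GRE one; the function header is outside the hunk, so this is inferred. The value of `GRE_HEADER_LEN` is not visible here, but the base GRE header in RFC 2784 is 4 bytes and a UDP header is 8, so if the constant follows the RFC this loosens the minimum-length check and lets a 4–7 byte datagram reach code that reads the full UDP header, an out-of-bounds read on truncated packets. Unless the target function is confirmed to be the GRE decoder, keep `if(len < sizeof(UDPHdr))` here and apply the `GRE_HEADER_LEN` check at the top of the GRE decode routine instead.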
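Review bot: `if (hlen > len)` in the `@@ -3566` hunk is only correct if the two operands compare in the type the author expects, and their declarations are outside the hunk. If `len` is unsigned and `hlen` is a signed int, the comparison is carried out in unsigned arithmetic and holds only while `hlen` can never be negative; a comment stating that, or an explicit form such as `if (hlen < 0 || (u_int32_t)hlen > len)`, would make the bound check self-evident. The companion `@@ -3589` hunk moves `payload_len = len - hlen;` below further checks that are not shown, so confirm that nothing in the unseen lines between the two hunks reads `payload_len`, since it would now be uninitialized there.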