diff --git a/header_encryption.c b/header_encryption.c
index 1966819..756d198 100644
--- a/header_encryption.c
+++ b/header_encryption.c
@@ -44,8 +44,8 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
 }
 
 
-int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
-					   struct sn_community *communities) {
+int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
+					  struct sn_community *communities) {
 
 	struct sn_community *c, *tmp;
 
diff --git a/header_encryption.h b/header_encryption.h
index a4395e0..65b9709 100644
--- a/header_encryption.h
+++ b/header_encryption.h
@@ -23,8 +23,8 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
                                 char * community_name, he_context_t * ctx);
 
 
-int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
-                                           struct sn_community * communities);
+int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
+                                          struct sn_community * communities);
 
 
 int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx);
diff --git a/sn_utils.c b/sn_utils.c
index 95a26b8..b38e045 100644
--- a/sn_utils.c
+++ b/sn_utils.c
@@ -393,6 +393,8 @@ static int process_udp(n2n_sn_t *sss,
                ntohs(sender_sock->sin_port));
 
     he = packet_header_decrypt_if_required (udp_buf, udp_size, sss->communities);
+    if (he < 0)
+	return -1; /* something wrong with packet decryption */
 
     /* Use decode_common() to determine the kind of packet then process it:
      *