diff --git a/src/packet_analysis/protocol/ayiya/AYIYA.cc b/src/packet_analysis/protocol/ayiya/AYIYA.cc
index 70b46c3df2..f1ff574e56 100644
--- a/src/packet_analysis/protocol/ayiya/AYIYA.cc
+++ b/src/packet_analysis/protocol/ayiya/AYIYA.cc
@@ -63,19 +63,22 @@ bool AYIYAAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packe
 len -= hdr_size;
 data += hdr_size;
+ // We've successfully parsed the AYIYA part, so we might as well confirm this.
+ AnalyzerConfirmation(packet->session);
+
+ if ( len == 0 )
+ {
+ // A AYIYA header that isn't followed by a tunnelled packet seems weird.
+ Weird("ayiya_empty_packet", packet);
+ return false;
+ }
+
 int encap_index = 0;
 auto inner_packet = packet_analysis::IPTunnel::build_inner_packet( packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::AYIYA, GetAnalyzerTag());
- AnalyzerConfirmation(packet->session);
-
- // Skip the header and pass on to the next analyzer. It's possible for AYIYA to
- // just be a header and nothing after it, so check for that case.
- if ( len > hdr_size )
- return ForwardPacket(len, data, inner_packet.get(), next_header);
-
- return true;
+ return ForwardPacket(len, data, inner_packet.get(), next_header);
 }
 bool AYIYAAnalyzer::DetectProtocol(size_t len, const uint8_t* data, Packet* packet)
diff --git a/src/packet_analysis/protocol/geneve/Geneve.cc b/src/packet_analysis/protocol/geneve/Geneve.cc
index 219c8ba7be..c01c44fbd5 100644
--- a/src/packet_analysis/protocol/geneve/Geneve.cc
+++ b/src/packet_analysis/protocol/geneve/Geneve.cc
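Review bot: The new `len == 0` branch in AYIYAAnalyzer::AnalyzePacket raises `ayiya_empty_packet` and returns false for every header-only packet, although the comment this commit removes said AYIYA can be just a header with nothing after it. If such packets are ordinary keep-alive or no-op traffic, which the removed comment suggests but this hunk does not show, a long-lived tunnel would add a steady stream of weirds and failed analyses that bury the malformed-tunnel cases the weird is meant to surface. Consider raising the weird only when `next_header` says a payload should follow, or record the decision at the check, e.g. `// Header-only AYIYA packets can occur on the wire; flagged because there is no tunnelled packet to analyze.` (the existing comment should also read "An AYIYA header"). The Geneve hunk removes the same statement and adds the same branch, and the VXLAN hunk adds the branch too, so the question applies to all three. AnalyzePacket starts above this hunk.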
@@ -70,21 +70,24 @@ bool GeneveAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
 len -= hdr_size;
 data += hdr_size;
- // We've successfully parsed everything, so we might as well confirm this.
+ // We've successfully parsed the Geneve part, so we might as well confirm this.
 AnalyzerConfirmation(packet->session);
+ if ( len == 0 )
+ {
+ // A Geneve header that isn't followed by a tunnelled packet seems weird.
+ Weird("geneve_empty_packet", packet);
+ return false;
+ }
+
 int encap_index = 0;
 auto inner_packet = packet_analysis::IPTunnel::build_inner_packet( packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::GENEVE, GetAnalyzerTag());
- // Skip the header and pass on to the next analyzer. It's possible for Geneve to
- // just be a header and nothing after it, so check for that case.
- bool fwd_ret_val = true;
- if ( len > hdr_size )
- fwd_ret_val = ForwardPacket(len, data, inner_packet.get(), next_header);
+ bool analysis_succeeded = ForwardPacket(len, data, inner_packet.get(), next_header);
- if ( fwd_ret_val && geneve_packet )
+ if ( analysis_succeeded && geneve_packet )
 {
 EncapsulatingConn* ec = inner_packet->encap->At(encap_index);
 if ( ec && ec->ip_hdr )
@@ -92,5 +95,5 @@ bool GeneveAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
 ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni));
 }
- return fwd_ret_val;
+ return analysis_succeeded;
 }
diff --git a/src/packet_analysis/protocol/vxlan/VXLAN.cc b/src/packet_analysis/protocol/vxlan/VXLAN.cc
index ed8b93c4df..762bfe5dd3 100644
--- a/src/packet_analysis/protocol/vxlan/VXLAN.cc
+++ b/src/packet_analysis/protocol/vxlan/VXLAN.cc
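Review bot: The `if ( analysis_succeeded && geneve_packet )` block in the first Geneve hunk has no comment saying that what appears to be the geneve_packet event now depends on the inner packet having been forwarded and analyzed successfully. Under the removed `len > hdr_size` guard, a packet whose remaining length did not exceed the header size skipped ForwardPacket, left `fwd_ret_val` at true and still reached this block, so scripts that count tunnel packets from the event will see a different population after this change. A one-line comment above the condition would record that, e.g. `// Only raise geneve_packet when the inner packet was analyzed successfully.`; the `vxlan_packet` block in the VXLAN hunk needs the same. AnalyzePacket starts above this hunk and continues below it.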
@@ -47,19 +47,24 @@ bool VXLAN_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
 len -= hdr_size;
 data += hdr_size;
- // We've successfully parsed everything, so we might as well confirm this.
+ // We've successfully parsed the VXLAN part, so we might as well confirm this.
 AnalyzerConfirmation(packet->session);
+ if ( len == 0 )
+ {
+ // A VXLAN header that isn't followed by a tunnelled packet seems weird.
+ Weird("vxlan_empty_packet", packet);
+ return false;
+ }
+
 int encap_index = 0;
 auto inner_packet = packet_analysis::IPTunnel::build_inner_packet( packet, &encap_index, nullptr, len, data, DLT_RAW, BifEnum::Tunnel::VXLAN, GetAnalyzerTag());
- bool fwd_ret_val = true;
- if ( len > hdr_size )
- fwd_ret_val = ForwardPacket(len, data, inner_packet.get());
+ bool analysis_succeeded = ForwardPacket(len, data, inner_packet.get());
- if ( fwd_ret_val && vxlan_packet )
+ if ( analysis_succeeded && vxlan_packet )
 {
 EncapsulatingConn* ec = inner_packet->encap->At(encap_index);
 if ( ec && ec->ip_hdr )
@@ -67,5 +72,5 @@ bool VXLAN_Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pack
 ec->ip_hdr->ToPktHdrVal(), val_mgr->Count(vni));
 }
- return fwd_ret_val;
+ return analysis_succeeded;
 }