diff --git a/doc/changelog.txt b/doc/changelog.txt
index f8826c7..7c9c649 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,7 @@ HEAD
 ====
 - xt_TARPIT: fix kernel warning about RTAX_HOPLIMIT being used
 - xt_TEE: abort build when the feature is already provided by mainline
+- xt_psd: restore functionality with UDP
 
 
 v1.37 (2011-06-25)
diff --git a/extensions/xt_psd.c b/extensions/xt_psd.c
index 59e3780..940b7da 100644
--- a/extensions/xt_psd.c
+++ b/extensions/xt_psd.c
@@ -104,7 +104,9 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
 {
 	const struct iphdr *iph;
 	const struct tcphdr *tcph;
+	const struct udphdr *udph;
 	struct tcphdr _tcph;
+	struct udphdr _udph;
 	struct in_addr addr;
 	u_int16_t src_port,dest_port;
   	u_int8_t tcp_flags, proto;
@@ -135,18 +137,25 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
 
 	addr.s_addr = iph->saddr;
 
-	tcph = skb_header_pointer(pskb, match->thoff, sizeof(_tcph), &_tcph);
-	if (tcph == NULL)
-		return false;
+	if (proto == IPPROTO_TCP) {
+		tcph = skb_header_pointer(pskb, match->thoff,
+		       sizeof(_tcph), &_tcph);
+		if (tcph == NULL)
+			return false;
 
-	/* Yep, it's dirty */
-	src_port = tcph->source;
-	dest_port = tcph->dest;
-
-	if (proto == IPPROTO_TCP)
+		/* Yep, it's dirty */
+		src_port = tcph->source;
+		dest_port = tcph->dest;
 		tcp_flags = *((u_int8_t*)tcph + 13);
-	else
-		tcp_flags = 0x00;
+	} else if (proto == IPPROTO_UDP) {
+		udph = skb_header_pointer(pskb, match->thoff,
+		       sizeof(_udph), &_udph);
+		if (udph == NULL)
+			return false;
+		src_port  = udph->source;
+		dest_port = udph->dest;
+		tcp_flags = 0;
+	}
 
 	/* We're using IP address 0.0.0.0 for a special purpose here, so don't let
 	 * them spoof us. [DHCP needs this feature - HW] */