From 204b612e230bc8afdceed5d0443da27d4f4b83c8 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 7 Oct 2009 00:40:19 +0200
Subject: [PATCH] pknock: add_rule must happen after info struct checks
This avoids unnecessarily creating pknock rules if there is an error with any of the match parameters.
---
 extensions/xt_pknock.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index 97ccec3..bb65312 100644
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -1034,9 +1034,6 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
 get_random_bytes(&ipt_pknock_hash_rnd, sizeof (ipt_pknock_hash_rnd));
 }
- if (!add_rule(info))
- RETURN_ERR("add_rule() error in checkentry() function.\n");
-
 if (!(info->option & XT_PKNOCK_NAME))
 RETURN_ERR("You must specify --name option.\n");
@@ -1081,6 +1078,9 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
 }
 #endif
+ if (!add_rule(info))
+ RETURN_ERR("add_rule() error in checkentry() function.\n");
+
 return true;
 }
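Review bot: The relocated `add_rule(info)` call at the end of `pknock_mt_check` (second hunk) carries no comment saying it must stay the last step, so an option check added below it later would bring back the leftover-rule problem the commit message describes. I would put `/* Keep last: add_rule() creates the rule, so every option check must already have passed. */` directly above the call. The message string still names `checkentry()` although the enclosing function is `pknock_mt_check`; since the line is being moved anyway, `RETURN_ERR("add_rule() failed in pknock_mt_check().\n");` would make the log line point at the right place. The function body starts outside both hunks, so whether the `#ifdef` block that closes just above acquires anything needing release when `add_rule()` fails cannot be judged from here and is worth a look.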