From 7e92ce7ce65aa22c10c350bcfbc1c5896d919453 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Thu, 11 Aug 2011 15:45:35 +0200
Subject: [PATCH] xt_psd: move early bail-out code above skb_header_pointer
---
 extensions/xt_psd.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/extensions/xt_psd.c b/extensions/xt_psd.c
index 62b7991..b038f48 100644
--- a/extensions/xt_psd.c
+++ b/extensions/xt_psd.c
@@ -130,6 +130,12 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
 /* Get the source address, source & destination ports, and TCP flags */
 addr.s_addr = iph->saddr;
+ /* We're using IP address 0.0.0.0 for a special purpose here, so don't let
+ * them spoof us. [DHCP needs this feature - HW] */
+ if (addr.s_addr == 0) {
+ pr_debug("spoofed source address (0.0.0.0)\n");
+ return false;
+ }
 if (proto == IPPROTO_TCP) {
 tcph = skb_header_pointer(pskb, match->thoff,
@@ -154,13 +160,6 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
 return false;
 }
- /* We're using IP address 0.0.0.0 for a special purpose here, so don't let
- * them spoof us. [DHCP needs this feature - HW] */
- if (addr.s_addr == 0) {
- pr_debug("spoofed source address (0.0.0.0)\n");
- return false;
- }
-
 /* Use jiffies here not to depend on someone setting the time while we're
 * running; we need to be careful with possible return value overflows. */
 now = jiffies;
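Review bot: The comment moved above `if (addr.s_addr == 0)` in the first hunk still says 0.0.0.0 is used "for a special purpose" without naming it, so a reader of this early bail-out cannot tell which state a zero source address would confuse. Presumably it marks an unused slot in the tracking table; that should be confirmed and stated, e.g. `/* 0.0.0.0 is reserved as the <purpose, to confirm> marker; never track it (DHCP clients legitimately send from it) */`. Separately, when debugging is enabled this `pr_debug()` fires once per such packet and the sender controls the rate, so `pr_debug_ratelimited("spoofed source address (0.0.0.0)\n");` would keep a flood from filling the log. xt_psd_match() starts and ends outside the hunk.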