From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 30 Aug 2012 17:51:27 +0000 (-0400)
Subject: nwfilter: loop generated too many rules
X-Git-Tag: v0.10.1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e995c9a238b1ba69885c0eb66dabb8bcae28d83;p=thirdparty%2Flibvirt.git

nwfilter: loop generated too many rules

The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.
---

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index ad1d0555eb..701c55c58c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3374,10 +3374,10 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
 
         VIR_FREE(srcIPParam);
 
-        if (idx == num_dhcpsrvrs)
-            break;
-
         idx++;
+
+        if (idx >= num_dhcpsrvrs)
+            break;
     }
 
     virBufferAsprintf(&buf,