evaluate: Fix incorrect checking the `base` variable in case of IPV6
authorMaks Mishin <maks.mishinfz@gmail.com>
Wed, 15 May 2024 20:25:03 +0000 (23:25 +0300)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 23 Jan 2025 00:35:35 +0000 (01:35 +0100)
commit f6b579344eee17e5587b6a7fcc444fe997cd8cb6 upstream.

Found by RASU JSC.

Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c

index 231d0eed2827485751b4142b014f5c817a24b7c9..1cac3fdc3a9e4803ad05e543531e5bb6f805b7a1 100644 (file)
@@ -1008,7 +1008,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
                base = ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR].desc;
                if (base == &proto_ip)
                        ct->ct.nfproto = NFPROTO_IPV4;
-               else if (base == &proto_ip)
+               else if (base == &proto_ip6)
                        ct->ct.nfproto = NFPROTO_IPV6;
 
                if (base)
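Review bot: A non-NULL network-layer base that is neither `proto_ip` nor `proto_ip6` still leaves `ct->ct.nfproto` untouched by this chain, yet the `if (base)` test right after it is taken for that case too. What that branch does lies outside the hunk, so this may be intended, but a comment above it such as `/* any other non-NULL base leaves nfproto unchanged */`, or an explicit final `else`, would make the contract visible. The defect fixed here was an `else if` repeating the condition of the `if` above it, which made the IPv6 assignment unreachable; GCC's `-Wduplicated-cond` reports that pattern and would be worth enabling in the build if it is not already. ct_gen_nh_dependency starts and ends outside the hunk.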