evaluate: Fix incorrect checking the `base` variable in case of IPV6

Found by RASU JSC.

Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 8ab0c9e2e97c14dc2739b73548dcc46af3beb854..227f5da8638260a127cc420f03e779c2859fe1dc 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1126,7 +1126,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
                base = pctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
                if (base == &proto_ip)
                        ct->ct.nfproto = NFPROTO_IPV4;
-               else if (base == &proto_ip)
+               else if (base == &proto_ip6)
                        ct->ct.nfproto = NFPROTO_IPV6;
 
                if (base)