From: Maks Mishin <maks.mishinfz@gmail.com>
Date: Wed, 15 May 2024 20:25:03 +0000 (+0300)
Subject: evaluate: Fix incorrect checking the `base` variable in case of IPV6
X-Git-Tag: v1.1.0~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6b579344eee17e5587b6a7fcc444fe997cd8cb6;p=thirdparty%2Fnftables.git

evaluate: Fix incorrect checking the `base` variable in case of IPV6

Found by RASU JSC.

Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 8ab0c9e2..227f5da8 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1126,7 +1126,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
 		base = pctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
 		if (base == &proto_ip)
 			ct->ct.nfproto = NFPROTO_IPV4;
-		else if (base == &proto_ip)
+		else if (base == &proto_ip6)
 			ct->ct.nfproto = NFPROTO_IPV6;
 
 		if (base)