From f6b579344eee17e5587b6a7fcc444fe997cd8cb6 Mon Sep 17 00:00:00 2001
From: Maks Mishin <maks.mishinfz@gmail.com>
Date: Wed, 15 May 2024 23:25:03 +0300
Subject: [PATCH] evaluate: Fix incorrect checking the `base` variable in case
 of IPV6

Found by RASU JSC.

Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index 8ab0c9e2..227f5da8 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1126,7 +1126,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
 		base = pctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
 		if (base == &proto_ip)
 			ct->ct.nfproto = NFPROTO_IPV4;
-		else if (base == &proto_ip)
+		else if (base == &proto_ip6)
 			ct->ct.nfproto = NFPROTO_IPV6;
 
 		if (base)
-- 
2.33.0