32 lines
986 B
Diff
32 lines
986 B
Diff
From f6b579344eee17e5587b6a7fcc444fe997cd8cb6 Mon Sep 17 00:00:00 2001
|
|
From: Maks Mishin <maks.mishinfz@gmail.com>
|
|
Date: Wed, 15 May 2024 23:25:03 +0300
|
|
Subject: [PATCH] evaluate: Fix incorrect checking the `base` variable in case
|
|
of IPV6
|
|
|
|
Found by RASU JSC.
|
|
|
|
Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
|
|
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
---
|
|
src/evaluate.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
index 8ab0c9e2..227f5da8 100644
|
|
--- a/src/evaluate.c
|
|
+++ b/src/evaluate.c
|
|
@@ -1126,7 +1126,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
|
|
base = pctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
|
|
if (base == &proto_ip)
|
|
ct->ct.nfproto = NFPROTO_IPV4;
|
|
- else if (base == &proto_ip)
|
|
+ else if (base == &proto_ip6)
|
|
ct->ct.nfproto = NFPROTO_IPV6;
|
|
|
|
if (base)
|
|
--
|
|
2.33.0
|
|
|