33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From f6b579344eee17e5587b6a7fcc444fe997cd8cb6 Mon Sep 17 00:00:00 2001
|
|
From: Maks Mishin <maks.mishinfz@gmail.com>
|
|
Date: Wed, 15 May 2024 23:25:03 +0300
|
|
Subject: evaluate: Fix incorrect checking the `base` variable in case of IPV6
|
|
|
|
Found by RASU JSC.
|
|
|
|
Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
|
|
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
Conflict:change evaluate.c context
|
|
Reference:https://git.netfilter.org/nftables/commit/?id=f6b579344eee17e5587b6a7fcc444fe997cd8cb6
|
|
---
|
|
src/evaluate.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
index 8ab0c9e2..227f5da8 100644
|
|
--- a/src/evaluate.c
|
|
+++ b/src/evaluate.c
|
|
@@ -1126,7 +1126,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
|
|
base = ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR].desc;
|
|
if (base == &proto_ip)
|
|
ct->ct.nfproto = NFPROTO_IPV4;
|
|
- else if (base == &proto_ip)
|
|
+ else if (base == &proto_ip6)
|
|
ct->ct.nfproto = NFPROTO_IPV6;
|
|
|
|
if (base)
|
|
--
|
|
cgit v1.2.3
|