diff options
| author | Florian Westphal <fw@strlen.de> | 2024-01-11 13:11:22 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2024-01-12 13:04:28 +0100 |
| commit | 9cc41467c75ab6beb35e0d7c34d04acd1a44861b (patch) | |
| tree | aea4dd6859153168a4e6514b50e32f3f9879e0c8 | |
| parent | 172b660843501463a0894b0d2ca1dd48c898dc4d (diff) | |
payload: only assert if l2 header base has no length
nftables will assert in some cases because the sanity check is done even
for network and transport header bases.
However, stacked headers are only supported for the link layer.
Move the assertion around and add a test case for this.
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | src/payload.c | 3 | ||||
| -rw-r--r-- | tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert | 1 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/payload.c b/src/payload.c index 5de3d320..44aa834c 100644 --- a/src/payload.c +++ b/src/payload.c @@ -118,11 +118,10 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx, assert(desc->base <= PROTO_BASE_MAX); if (desc->base == base->base) { - assert(base->length > 0); - if (!left->payload.is_raw) { if (desc->base == PROTO_BASE_LL_HDR && ctx->stacked_ll_count < PROTO_CTX_NUM_PROTOS) { + assert(base->length > 0); ctx->stacked_ll[ctx->stacked_ll_count] = base; ctx->stacked_ll_count++; } diff --git a/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert new file mode 100644 index 00000000..64bd596a --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert @@ -0,0 +1 @@ +x x comp nexthdr comp |