'vlan id 1' must also add a ethernet header dep, else nft fetches the payload from header offset 0 instead of 14.

Reported-by: Yi Chen <yiche@xxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/evaluate.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index ca6e5883a1f9..a52867b33be0 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -723,7 +723,25 @@ static int __expr_evaluate_payload(struct eval_ctx *ctx, struct expr *expr)
 rule_stmt_insert_at(ctx->rule, nstmt, ctx->stmt);
 desc = ctx->pctx.protocol[base].desc;
- goto check_icmp;
+
+ if (desc == expr->payload.desc)
+ goto check_icmp;
+
+ if (base == PROTO_BASE_LL_HDR) {
+ int link;
+
+ link = proto_find_num(desc, payload->payload.desc);
+ if (link < 0 ||
+ conflict_resolution_gen_dependency(ctx, link, payload, &nstmt) < 0)
+ return expr_error(ctx->msgs, payload,
+ "conflicting protocols specified: %s vs. %s",
+ desc->name,
+ payload->payload.desc->name);
+
+ payload->payload.offset += ctx->pctx.stacked_ll[0]->length;
+ rule_stmt_insert_at(ctx->rule, nstmt, ctx->stmt);
+ return 1;
+ }
 }
 if (payload->payload.base == desc->base &&
-- 
2.35.1
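Review bot: `ctx->pctx.stacked_ll[0]->length` is dereferenced in the new `PROTO_BASE_LL_HDR` branch with no visible check that a stacked link-layer header was recorded; the code appears to rely on a successful `conflict_resolution_gen_dependency()` call to guarantee it, which cannot be confirmed from this hunk. Because the expression comes from user-supplied ruleset text, a missed case would crash nft on a NULL pointer instead of reporting an error. Assuming unused `stacked_ll` slots are NULL, I would guard the access with `if (!ctx->pctx.stacked_ll[0]) return expr_error(ctx->msgs, payload, "missing link layer header for %s", payload->payload.desc->name);`, or at least assert the invariant and comment on it. Separately, when `desc != expr->payload.desc` and `base` is not `PROTO_BASE_LL_HDR`, control now leaves the block without reaching `check_icmp`, which the old unconditional `goto` always did; a one-line comment saying this is intended would help. `__expr_evaluate_payload` starts and ends outside the hunk.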