nftables will assert in some cases because the sanity check is done even
for network and transport header bases.
However, stacked headers are only supported for the link layer.
Move the assertion around and add a test case for this.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/payload.c | 3 +--
.../testcases/bogons/nft-f/payload_expr_pctx_update_assert | 1 +
2 files changed, 2 insertions(+), 2 deletions(-)
create mode 100644 tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
diff --git a/src/payload.c b/src/payload.c
index 5de3d320758a..44aa834cc07b 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -118,11 +118,10 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
assert(desc->base <= PROTO_BASE_MAX);
if (desc->base == base->base) {
- assert(base->length > 0);
-
if (!left->payload.is_raw) {
if (desc->base == PROTO_BASE_LL_HDR &&
ctx->stacked_ll_count < PROTO_CTX_NUM_PROTOS) {
+ assert(base->length > 0);
ctx->stacked_ll[ctx->stacked_ll_count] = base;
ctx->stacked_ll_count++;
}
diff --git a/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
new file mode 100644
index 000000000000..64bd596ad8b4
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
@@ -0,0 +1 @@
+x x comp nexthdr comp
--
2.41.0
