payload: only assert if l2 header base has no length
authorFlorian Westphal <fw@strlen.de>
Thu, 11 Jan 2024 12:11:22 +0000 (13:11 +0100)
committerFlorian Westphal <fw@strlen.de>
Fri, 12 Jan 2024 12:04:28 +0000 (13:04 +0100)
nftables will assert in some cases because the sanity check is done even
for network and transport header bases.

However, stacked headers are only supported for the link layer.
Move the assertion around and add a test case for this.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/payload.c
tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert [new file with mode: 0644]

index 5de3d320758a533ac5cc6dded16da4fc681aeb1e..44aa834cc07b0b71bde7638dce9fd4b1ee8d24cf 100644 (file)
@@ -118,11 +118,10 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
 
        assert(desc->base <= PROTO_BASE_MAX);
        if (desc->base == base->base) {
-               assert(base->length > 0);
-
                if (!left->payload.is_raw) {
                        if (desc->base == PROTO_BASE_LL_HDR &&
                            ctx->stacked_ll_count < PROTO_CTX_NUM_PROTOS) {
+                               assert(base->length > 0);
                                ctx->stacked_ll[ctx->stacked_ll_count] = base;
                                ctx->stacked_ll_count++;
                        }
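Review bot: The relocated `assert(base->length > 0);` is now the only check before `base` is stored in `ctx->stacked_ll[ctx->stacked_ll_count]`, and judging by the added bogon test under `nft-f` this path is driven by ruleset text. An input that yields a zero-length link-layer base would therefore still abort the process, and in a build with `NDEBUG` the check disappears and the base is stacked unchecked. It may be worth confirming that this state cannot be reached from input, or rejecting it through the normal error path rather than an assertion. Independently, the move deserves a one-line comment above the assert, e.g. `/* only link-layer headers can be stacked, so only they require a known length */`, so that the check is not hoisted back out later. The body of payload_expr_pctx_update starts and ends outside this hunk.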
diff --git a/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
new file mode 100644 (file)
index 0000000..64bd596
--- /dev/null
@@ -0,0 +1 @@
+x x comp nexthdr comp