From 9cc41467c75ab6beb35e0d7c34d04acd1a44861b Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Thu, 11 Jan 2024 13:11:22 +0100
Subject: [PATCH] payload: only assert if l2 header base has no length
nftables will assert in some cases because the sanity check is done even for network and transport header bases. However, stacked headers are only supported for the link layer. Move the assertion around and add a test case for this.
Signed-off-by: Florian Westphal
---
 src/payload.c | 3 +--
 .../testcases/bogons/nft-f/payload_expr_pctx_update_assert | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
diff --git a/src/payload.c b/src/payload.c
index 5de3d3207..44aa834cc 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -118,11 +118,10 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
 assert(desc->base <= PROTO_BASE_MAX);
 if (desc->base == base->base) {
- assert(base->length > 0);
-
 if (!left->payload.is_raw) {
 if (desc->base == PROTO_BASE_LL_HDR && ctx->stacked_ll_count < PROTO_CTX_NUM_PROTOS) {
+ assert(base->length > 0);
 ctx->stacked_ll[ctx->stacked_ll_count] = base;
 ctx->stacked_ll_count++;
 }
diff --git a/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
new file mode 100644
index 000000000..64bd596ad
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/payload_expr_pctx_update_assert
@@ -0,0 +1 @@
+x x comp nexthdr comp
--
2.47.2
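Review bot: The relocated `assert(base->length > 0);` in the `PROTO_BASE_LL_HDR` branch of src/payload.c still guards a condition that the new bogon test (under `nft-f`) suggests can be driven from a ruleset file, so a link-layer base with no length would still abort the tool, and in a build with NDEBUG the check disappears and the base is pushed onto `ctx->stacked_ll` unchecked. If that case is reachable from input, folding it into the condition (`base->length > 0 &&` next to the `PROTO_BASE_LL_HDR` test) would skip stacking instead of aborting; if it is a true invariant, a comment such as `/* only link-layer headers can be stacked; a stackable base must have a length */` would record why the check lives here. The check is now also skipped once `ctx->stacked_ll_count` reaches `PROTO_CTX_NUM_PROTOS`, which looks intentional but is worth confirming. The rest of payload_expr_pctx_update lies outside the hunk, so how the non-stacked path uses `base->length` for network and transport bases cannot be judged from here.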