evaluate: print error on missing family in nat statement

Print error message in case family cannot be inferred, before this
patch, $? shows 1 after nft execution but no error message was printed.

While at it, update error reporting for consistency in similar use
cases.

Fixes: e5c9c8fe0bcc ("evaluate: stmt_evaluate_nat_map() only if stmt->nat.ipportmap == true")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index fe6384a48e1400bc03257493a15a69c4adc75364..98f3e9263058570289d6a56e857d56e9ca191b34 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3483,6 +3483,28 @@ static int nat_evaluate_transport(struct eval_ctx *ctx, struct stmt *stmt,
                                 BYTEORDER_BIG_ENDIAN, expr);
 }
 
+static const char *stmt_name(const struct stmt *stmt)
+{
+       switch (stmt->ops->type) {
+       case STMT_NAT:
+               switch (stmt->nat.type) {
+               case NFT_NAT_SNAT:
+                       return "snat";
+               case NFT_NAT_DNAT:
+                       return "dnat";
+               case NFT_NAT_REDIR:
+                       return "redirect";
+               case NFT_NAT_MASQ:
+                       return "masquerade";
+               }
+               break;
+       default:
+               break;
+       }
+
+       return stmt->ops->name;
+}
+
 static int stmt_evaluate_l3proto(struct eval_ctx *ctx,
                                 struct stmt *stmt, uint8_t family)
 {
@@ -3512,9 +3534,11 @@ static int stmt_evaluate_addr(struct eval_ctx *ctx, struct stmt *stmt,
 
        if (pctx->family == NFPROTO_INET) {
                dtype = get_addr_dtype(family);
-               if (dtype->size == 0)
+               if (dtype->size == 0) {
                        return stmt_error(ctx, stmt,
-                                         "ip or ip6 must be specified with address for inet tables.");
+                                         "specify `%s ip' or '%s ip6' in %s table to disambiguate",
+                                         stmt_name(stmt), stmt_name(stmt), family2str(pctx->family));
+               }
 
                err = stmt_evaluate_arg(ctx, stmt, dtype, dtype->size,
                                        BYTEORDER_BIG_ENDIAN, addr);
@@ -3540,7 +3564,9 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt)
                addr_type = TYPE_IP6ADDR;
                break;
        default:
-               return -1;
+               return stmt_error(ctx, stmt,
+                                 "specify `%s ip' or '%s ip6' in %s table to disambiguate",
+                                 stmt_name(stmt), stmt_name(stmt), family2str(pctx->family));
        }
        dtype = concat_type_alloc((addr_type << TYPE_BITS) | TYPE_INET_SERVICE);