diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-16 15:49:11 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-21 23:57:27 +0100 |
| commit | 6968c2632e0c7a625ca57cd4501b6b980fdebc55 (patch) | |
| tree | 0dd39f2ed085beddbdafd24869efee592a54f7bb | |
| parent | 1344d9e53ba4d67cedd13a2c76a970fc7ce65683 (diff) | |
evaluate: print error on missing family in nat statement
Print error message in case family cannot be inferred, before this
patch, $? shows 1 after nft execution but no error message was printed.
While at it, update error reporting for consistency in similar use
cases.
Fixes: e5c9c8fe0bcc ("evaluate: stmt_evaluate_nat_map() only if stmt->nat.ipportmap == true")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/evaluate.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index fe6384a4..98f3e926 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3483,6 +3483,28 @@ static int nat_evaluate_transport(struct eval_ctx *ctx, struct stmt *stmt, BYTEORDER_BIG_ENDIAN, expr); } +static const char *stmt_name(const struct stmt *stmt) +{ + switch (stmt->ops->type) { + case STMT_NAT: + switch (stmt->nat.type) { + case NFT_NAT_SNAT: + return "snat"; + case NFT_NAT_DNAT: + return "dnat"; + case NFT_NAT_REDIR: + return "redirect"; + case NFT_NAT_MASQ: + return "masquerade"; + } + break; + default: + break; + } + + return stmt->ops->name; +} + static int stmt_evaluate_l3proto(struct eval_ctx *ctx, struct stmt *stmt, uint8_t family) { @@ -3512,9 +3534,11 @@ static int stmt_evaluate_addr(struct eval_ctx *ctx, struct stmt *stmt, if (pctx->family == NFPROTO_INET) { dtype = get_addr_dtype(family); - if (dtype->size == 0) + if (dtype->size == 0) { return stmt_error(ctx, stmt, - "ip or ip6 must be specified with address for inet tables."); + "specify `%s ip' or '%s ip6' in %s table to disambiguate", + stmt_name(stmt), stmt_name(stmt), family2str(pctx->family)); + } err = stmt_evaluate_arg(ctx, stmt, dtype, dtype->size, BYTEORDER_BIG_ENDIAN, addr); @@ -3540,7 +3564,9 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt) addr_type = TYPE_IP6ADDR; break; default: - return -1; + return stmt_error(ctx, stmt, + "specify `%s ip' or '%s ip6' in %s table to disambiguate", + stmt_name(stmt), stmt_name(stmt), family2str(pctx->family)); } dtype = concat_type_alloc((addr_type << TYPE_BITS) | TYPE_INET_SERVICE); |