datatype: reject rate in quota statement

Bail out if rate are used:

 ruleset.nft:5:77-106: Error: Wrong rate format, expecting bytes or kbytes or mbytes
 add rule netdev firewall PROTECTED_IPS update @quota_temp_before { ip daddr quota over 45000 mbytes/second } add @quota_trigger { ip daddr }
                                                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

improve error reporting while at this.

Fixes: 6615676d825e ("src: add per-bytes limit")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/datatype.c b/src/datatype.c
index d398a9c8c61813c16b97dfca31b9e714f699dd7d..297c5d0409d521405987162965b415ff961fc7c5 100644 (file)
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -1485,14 +1485,14 @@ static struct error_record *time_unit_parse(const struct location *loc,
 struct error_record *data_unit_parse(const struct location *loc,
                                     const char *str, uint64_t *rate)
 {
-       if (strncmp(str, "bytes", strlen("bytes")) == 0)
+       if (strcmp(str, "bytes") == 0)
                *rate = 1ULL;
-       else if (strncmp(str, "kbytes", strlen("kbytes")) == 0)
+       else if (strcmp(str, "kbytes") == 0)
                *rate = 1024;
-       else if (strncmp(str, "mbytes", strlen("mbytes")) == 0)
+       else if (strcmp(str, "mbytes") == 0)
                *rate = 1024 * 1024;
        else
-               return error(loc, "Wrong rate format");
+               return error(loc, "Wrong unit format, expecting bytes, kbytes or mbytes");
 
        return NULL;
 }
@@ -1500,14 +1500,20 @@ struct error_record *data_unit_parse(const struct location *loc,
 struct error_record *rate_parse(const struct location *loc, const char *str,
                                uint64_t *rate, uint64_t *unit)
 {
+       const char *slash, *rate_str;
        struct error_record *erec;
-       const char *slash;
 
        slash = strchr(str, '/');
        if (!slash)
-               return error(loc, "wrong rate format");
+               return error(loc, "wrong rate format, expecting {bytes,kbytes,mbytes}/{second,minute,hour,day,week}");
+
+       rate_str = strndup(str, slash - str);
+       if (!rate_str)
+               memory_allocation_error();
+
+       erec = data_unit_parse(loc, rate_str, rate);
+       free_const(rate_str);
 
-       erec = data_unit_parse(loc, str, rate);
        if (erec != NULL)
                return erec;