statement: old kernels are allowing burst zero, don't print it

Don't print limit burst zero which was the default value in old kernels,
this is not allowed in more recent kernels that now operate like
iptables xt_limit which is what users are expecting.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/statement.c b/src/statement.c
index fa0cd77cb667205327e0a2ed41364bc5d61b3610..ac151737cade1b8d81fe632590512a1a19afce81 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -358,7 +358,7 @@ static void limit_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
                nft_print(octx, "limit rate %s%" PRIu64 "/%s",
                          inv ? "over " : "", stmt->limit.rate,
                          get_unit(stmt->limit.unit));
-               if (stmt->limit.burst != 5)
+               if (stmt->limit.burst && stmt->limit.burst != 5)
                        nft_print(octx, " burst %u packets",
                                  stmt->limit.burst);
                break;