From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 30 May 2018 10:40:32 +0000 (+0200)
Subject: statement: old kernels are allowing burst zero, don't print it
X-Git-Tag: v0.9.0~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=239a8fbbaa061d55c653922e158d8ba352eaf57f;p=thirdparty%2Fnftables.git

statement: old kernels are allowing burst zero, don't print it

Don't print limit burst zero which was the default value in old kernels,
this is not allowed in more recent kernels that now operate like
iptables xt_limit which is what users are expecting.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/statement.c b/src/statement.c
index fa0cd77c..ac151737 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -358,7 +358,7 @@ static void limit_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 		nft_print(octx, "limit rate %s%" PRIu64 "/%s",
 			  inv ? "over " : "", stmt->limit.rate,
 			  get_unit(stmt->limit.unit));
-		if (stmt->limit.burst != 5)
+		if (stmt->limit.burst && stmt->limit.burst != 5)
 			nft_print(octx, " burst %u packets",
 				  stmt->limit.burst);
 		break;