extensions: hashlimit: remove space before burst in translation to nft

Fixes the following test:

 # python xlate-test.py extensions/libxt_hashlimit.txlate
 extensions/libxt_hashlimit.txlate: Fail
 src: iptables-translate -A OUTPUT -m tcp -p tcp --dport 443 -m hashlimit --hashlimit-upto 300 --hashlimit-burst 15 --hashlimit-mode srcip,dstip --hashlimit-name https --hashlimit-htable-expire 300000 -m state --state NEW -j DROP
 exp: nft add rule ip filter OUTPUT tcp dport 443 meter https { ip daddr . ip saddr timeout 300s limit rate 300/second burst 15 packets} ct state new  counter drop
 res: nft add rule ip filter OUTPUT tcp dport 443 meter https { ip daddr . ip saddr timeout 300s limit rate 300/second  burst 15 packets} ct state new  counter drop

1 test file, 2 tests, 1 tests passed, 1 tests failed, 0 errors

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c
index 86234e3d6089fe50da694988e5f490a5ff053d82..70bc615b1f2de9a1c986fe2105fff71381fccda8 100644 (file)
--- a/extensions/libxt_hashlimit.c
+++ b/extensions/libxt_hashlimit.c
@@ -1353,7 +1353,7 @@ static int hashlimit_mt_xlate(struct xt_xlate *xl, const char *name,
        else {
                print_packets_rate_xlate(xl, cfg->avg, revision);
                if (cfg->burst != XT_HASHLIMIT_BURST)
-                       xt_xlate_add(xl, " burst %lu packets", cfg->burst);
+                       xt_xlate_add(xl, "burst %lu packets", cfg->burst);
 
        }
        xt_xlate_add(xl, "}");