src: do not print limit keyword inside object definition

table ip limits {
    limit foo {
        limit rate 5/second
        ^^^^^
    }
}

This behaviour is inconsistent and breaks the restoration of saved
rule-sets with "nft -f".

Fixes: c0697eabe832 ("src: add stateful object support for limit")
Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index cbc40e2d101c1e93eeff236cc5d20a1472084860..bb9add07efaf5cbbeafda5ed397aab6b0ef707e5 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1316,7 +1316,7 @@ static void obj_print_data(const struct obj *obj,
                          opts->nl, opts->tab, opts->tab);
                switch (obj->limit.type) {
                case NFT_LIMIT_PKTS:
-                       nft_print(octx, "limit rate %s%" PRIu64 "/%s",
+                       nft_print(octx, "rate %s%" PRIu64 "/%s",
                                  inv ? "over " : "", obj->limit.rate,
                                  get_unit(obj->limit.unit));
                        if (obj->limit.burst > 0)
@@ -1326,7 +1326,7 @@ static void obj_print_data(const struct obj *obj,
                case NFT_LIMIT_PKT_BYTES:
                        data_unit = get_rate(obj->limit.rate, &rate);
 
-                       nft_print(octx, "limit rate %s%" PRIu64 " %s/%s",
+                       nft_print(octx, "rate %s%" PRIu64 " %s/%s",
                                  inv ? "over " : "", rate, data_unit,
                                  get_unit(obj->limit.unit));
                        if (obj->limit.burst > 0) {