extensions: libxt_conntrack: Drop extra whitespace in xlate

No point in having this. Interestingly, other test cases even made up
for it.

Fixes: 0afd957f6bc03 ("extensions: libxt_state: add translation to nft")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/extensions/libxt_SYNPROXY.txlate b/extensions/libxt_SYNPROXY.txlate
index b3de2b2a8c9dc207a5ade3c034c8205a61df2639..a2a3b6c522fe7da3f577bfc5f6e1aef9412dc19f 100644 (file)
--- a/extensions/libxt_SYNPROXY.txlate
+++ b/extensions/libxt_SYNPROXY.txlate
@@ -1,2 +1,2 @@
 iptables-translate -t mangle -A INPUT -i iifname -p tcp -m tcp --dport 80 -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
-nft add rule ip mangle INPUT iifname "iifname" tcp dport 80 ct state invalid,untracked  counter synproxy sack-perm timestamp wscale 7 mss 1460
+nft add rule ip mangle INPUT iifname "iifname" tcp dport 80 ct state invalid,untracked counter synproxy sack-perm timestamp wscale 7 mss 1460

diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 08dba42db5a18d4a8103089d629727b47ebc8e43..09548c297695f0a7a1c9c12d3d8d6e37237322e2 100644 (file)
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1186,7 +1186,6 @@ static int state_xlate(struct xt_xlate *xl,
        xt_xlate_add(xl, "ct state ");
        state_xlate_print(xl, sinfo->state_mask,
                          sinfo->invert_flags & XT_CONNTRACK_STATE);
-       xt_xlate_add(xl, " ");
        return 1;
 }
 

diff --git a/extensions/libxt_hashlimit.txlate b/extensions/libxt_hashlimit.txlate
index 251a30d371db42b9a6164082f3beeb6c31c7dd46..4cc26868e29c0ea8bbca560c19a475aa4c336757 100644 (file)
--- a/extensions/libxt_hashlimit.txlate
+++ b/extensions/libxt_hashlimit.txlate
@@ -1,5 +1,5 @@
 iptables-translate -A OUTPUT -m tcp -p tcp --dport 443 -m hashlimit --hashlimit-above 20kb/s --hashlimit-burst 1mb --hashlimit-mode dstip --hashlimit-name https --hashlimit-dstmask 24 -m state --state NEW -j DROP
-nft add rule ip filter OUTPUT tcp dport 443 meter https { ip daddr and 255.255.255.0 timeout 60s limit rate over 20 kbytes/second burst 1 mbytes } ct state new  counter drop
+nft add rule ip filter OUTPUT tcp dport 443 meter https { ip daddr and 255.255.255.0 timeout 60s limit rate over 20 kbytes/second burst 1 mbytes } ct state new counter drop
 
 iptables-translate -A OUTPUT -m tcp -p tcp --dport 443 -m hashlimit --hashlimit-upto 300 --hashlimit-burst 15 --hashlimit-mode srcip,dstip --hashlimit-name https --hashlimit-htable-expire 300000 -m state --state NEW -j DROP
-nft add rule ip filter OUTPUT tcp dport 443 meter https { ip daddr . ip saddr timeout 300s limit rate 300/second burst 15 packets } ct state new  counter drop
+nft add rule ip filter OUTPUT tcp dport 443 meter https { ip daddr . ip saddr timeout 300s limit rate 300/second burst 15 packets } ct state new counter drop