[pkg-netfilter-team] Bug#916138: conntrackd: State Accept/Ignore isn't working, always get symbol '}': syntax error. Even "SYNC EXAMPLE 2" from manpage fails.

[Eike Lohmann]

Package: conntrackd
Version: 1:1.4.4+snapshot20161117-5
Severity: normal

Dear Maintainer,

the block

State Accept {
    ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT
}

is not working and throw a syntax error.

Even the examples in all manuals have this problem.

If I move the block upwards under "filter from userspace/kernelspace" the syntax
error line number get smaller.

[ERROR] parsing config file in line (48), symbol '}': syntax error

If I uncomment the block, the config work.

Thank you in advance, Eike


-- System Information:
Debian Release: 9.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-0.bpo.1-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages conntrackd depends on:
ii  init-system-helpers      1.48
ii  libc6                    2.24-11+deb9u3
ii  libmnl0                  1.0.4-2
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnetfilter-cthelper0   1.0.0-1
ii  libnetfilter-queue1      1.0.2-2
ii  libnfnetlink0            1.0.1-3
ii  libsystemd0              232-25+deb9u6

conntrackd recommends no packages.

conntrackd suggests no packages.

-- Configuration Files:
/etc/conntrackd/conntrackd.conf changed:
       Sync {
            Mode NOTRACK {
                 DisableInternalCache on
                 DisableExternalCache on
            }
            TCP {
                 IPv4_address 192.168.2.100
                 IPv4_Destination_Address 192.168.2.101
                 Port 3780
                 Interface eth2
                 SndSocketBuffer 1249280
                 RcvSocketBuffer 1249280
                 Checksum on
            }
            Options {
                 TCPWindowTracking Off
                 ExpectationSync On
            }
       }
       General {
            Systemd on
            HashSize 32768
            HashLimit 131072
            LogFile on
            Syslog offconntrackd: State Accept/Ignore isn't working, always get
symbol '}': syntax error. Also "SYNC EXAMPLE 2" from manpage fails.
            LockFile /var/lock/conntrack.lock
            UNIX {
                 Path /var/run/conntrackd.ctl
            }
            NetlinkBufferSize 2097152
            NetlinkBufferSizeMaxGrowth 8388608
            NetlinkOverrunResync On
            NetlinkEventsReliable Off
            EventIterationLimit 100
            Filter From Userspace {
                 Protocol Accept {
                      TCP
                      SCTP
                      DCCP
                 }
                 Address Ignore {
                      IPv4_address 127.0.0.1
                      IPv4_address 192.168.0.0/16
                      IPv6_address ::1
                 }
                 State Accept {
                      ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT
                 }
            }
       }


-- no debconf information