On Thu, 23 Jan 2020 12:16:07 -0500 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On Thu 2020-01-23 00:01:57 -0500, Celejar wrote: > > So right after my last email, I upgraded to 1.0.20200121-1, and now I > > no longer get a segfault. Is there anything further I should do? Should > > I do a downgrade and try your modification? > > If you don't mind downgrading (just the wireguard-tools package), > modifying wg-quick as described, and retrying "ifdown wg0", that would > be useful data to the iptables maintainers, as it should be input that > produces a segmentation fault -- something that is not supposed to > happen. > > Then, you can probably upgrade wireguard-tools again and move on :) I think I'm probably missing something, but lately "ifdown wg0" isn't segfaulting (even after downgrading back to 1.0.20200102-1) - but it doesn't seem to be calling iptables-restore at all, but only nft: ~# ifdown wg0 [#] ip -4 rule delete table 51820 [#] ip -4 rule delete table main suppress_prefixlength 0 [#] ip link delete dev wg0 [#] resolvconf -d tun.wg0 -f [#] nft -f /dev/fd/63 ~# apt-cache policy wireguard-tools wireguard-tools: Installed: 1.0.20200102-1 Candidate: 1.0.20200121-2 Version table: 1.0.20200121-2 500 500 http://deb.debian.org/debian sid/main amd64 Packages *** 1.0.20200102-1 100 100 /var/lib/dpkg/status Celejar