On Tue, 28 Jan 2020 14:14:01 -0500 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On Mon 2020-01-27 19:45:36 -0500, Celejar wrote:
>
> > I think I'm probably missing something, but lately "ifdown wg0" isn't
> > segfaulting (even after downgrading back to 1.0.20200102-1) - but it
> > doesn't seem to be calling iptables-restore at all, but only nft:
>
> Ah, that'd be because you installed nft. If you only had iptables
> installed, and you didn't have nft installed, then you'd exercise the
> different codepath in wg-quick.

Okay, now I've gotten it. I've uninstalled nftables and put in the
debug line, and I get this (with 1.0.20200121-2):

~# ifdown wg0
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[#] resolvconf -d tun.wg0 -f
RESTORING: *filter
COMMIT
*nat
COMMIT
*mangle
-D PREROUTING -p udp -m comment --comment "wg-quick(8) rule for wg0" -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-D POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment "wg-quick(8) rule for wg0" -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
*raw
COMMIT
[#] iptables-restore -n
/usr/bin/wg-quick: line 29: 2284068 Segmentation fault "$@"

Celejar