On Mon, 09 Mar 2020 17:22:57 -0400 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On Mon 2020-02-03 13:20:22 -0500, Celejar wrote:
> > Okay, now I've gotten it. I've uninstalled nftables and put in the
> > debug line, and I get this (with 1.0.20200121-2):
> >
> > ~# ifdown wg0
> > [#] ip -4 rule delete table 51820
> > [#] ip -4 rule delete table main suppress_prefixlength 0
> > [#] ip link delete dev wg0
> > [#] resolvconf -d tun.wg0 -f
> > RESTORING: *filter
> > COMMIT
> > *nat
> > COMMIT
> > *mangle
> > -D PREROUTING -p udp -m comment --comment "wg-quick(8) rule for wg0" -j
> > CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
> > -D POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment
> > "wg-quick(8) rule for wg0" -j CONNMARK --save-mark --nfmask 0xffffffff
> > --ctmask 0xffffffff
> > COMMIT
> > *raw
> > COMMIT
> > [#] iptables-restore -n
> > /usr/bin/wg-quick: line 29: 2284068 Segmentation fault "$@"
> >
> OK, so it looks to me like the problem comes when feeding this set of
> commands into iptables-restore.
>
> But hm, i'm still having trouble replicating the segfault.
>
> Is this still happening for you?

Yes (with 1.0.20200206-2)

> Can you send the output of these two commands?
>
> dpkg -l iptables wireguard

~$ dpkg -l iptables wireguard
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Architecture Description
+++-==============-==============-============-====================================================
ii  iptables       1.8.4-3        amd64        administration tools for packet filtering and NAT
ii  wireguard      1.0.20200206-2 all          fast, modern, secure kernel VPN tunnel (metapackage)

> dpkg -S $(readlink -f $(which iptables-restore))

~# dpkg -S $(readlink -f $(which iptables-restore))
iptables: /usr/sbin/xtables-nft-multi

> That might help us narrow down the cause of the segfault.
>
> Sorry for how long this is taking to debug!

Hey, wireguard itself seems entirely functional here - I'm just trying to do my tiny bit to help Debian! Thank you for all your work on this and Debian in general (and your privacy work).

Celejar