[pkg-netfilter-team] Bug#946996: wireguard-tools: 'wg-quick down' segfaults
Celejar
celejar at gmail.com
Tue Jan 28 00:45:36 GMT 2020
On Thu, 23 Jan 2020 12:16:07 -0500
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Thu 2020-01-23 00:01:57 -0500, Celejar wrote:
> > So right after my last email, I upgraded to 1.0.20200121-1, and now I
> > no longer get a segfault. Is there anything further I should do? Should
> > I do a downgrade and try your modification?
>
> If you don't mind downgrading (just the wireguard-tools package),
> modifying wg-quick as described, and retrying "ifdown wg0", that would
> be useful data to the iptables maintainers, as it should be input that
> produces a segmentation fault -- something that is not supposed to
> happen.
>
> Then, you can probably upgrade wireguard-tools again and move on :)
I think I'm probably missing something, but lately "ifdown wg0" isn't
segfaulting (even after downgrading back to 1.0.20200102-1) - but it
doesn't seem to be calling iptables-restore at all, but only nft:
~# ifdown wg0
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[#] resolvconf -d tun.wg0 -f
[#] nft -f /dev/fd/63
~# apt-cache policy wireguard-tools
wireguard-tools:
Installed: 1.0.20200102-1
Candidate: 1.0.20200121-2
Version table:
1.0.20200121-2 500
500 http://deb.debian.org/debian sid/main amd64 Packages
*** 1.0.20200102-1 100
100 /var/lib/dpkg/status
Celejar
More information about the pkg-netfilter-team
mailing list