[pkg-netfilter-team] Bug#946996: wireguard-tools: 'wg-quick down' segfaults

Celejar celejar at gmail.com
Mon Feb 3 18:20:22 GMT 2020


On Tue, 28 Jan 2020 14:14:01 -0500
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On Mon 2020-01-27 19:45:36 -0500, Celejar wrote:
> > I think I'm probably missing something, but lately "ifdown wg0" isn't
> > segfaulting (even after downgrading back to 1.0.20200102-1) - but it
> > doesn't seem to be calling iptables-restore at all, but only nft:
> 
> Ah, that'd be because you installed nft.  If you only had iptables
> installed, and you didn't have nft installed, then you'd exercise the
> different codepath in wg-quick.

Okay, now I've gotten it. I've uninstalled nftables and put in the
debug line, and I get this (with 1.0.20200121-2):

~# ifdown wg0
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[#] resolvconf -d tun.wg0 -f
RESTORING: *filter
COMMIT
*nat
COMMIT
*mangle
-D PREROUTING -p udp -m comment --comment "wg-quick(8) rule for wg0" -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-D POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment "wg-quick(8) rule for wg0" -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
*raw
COMMIT
[#] iptables-restore -n
/usr/bin/wg-quick: line 29: 2284068 Segmentation fault      "$@"

Celejar


