[Bug 290768] if_wg(4): handshake response has src and dst reverse

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 11 Nov 2025 07:33:59 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290768

--- Comment #10 from relvy <it@vineyard-sha.de> ---
(In reply to Kyle Evans from comment #8)

I tested the patch on top of the other one.

tcpdump output:
08:29:57.135466 e0:28:6d:89:6b:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148
08:29:57.135523 00:90:27:e6:33:13 > e0:28:6d:89:6b:02, ethertype IPv4 (0x0800),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148
08:30:02.246290 e0:28:6d:89:6b:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x0800),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148
08:30:02.246315 00:90:27:e6:33:13 > e0:28:6d:89:6b:02, ethertype IPv4 (0x0800),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148

I see no incoming traffic when I initiate the VPN from my peer.
I see only the reply with correct src / dst IP and with reversed src / dst
port.

In dmesg I still see the error code 47 (EAFNOSUPPORT)

[330] wg1: Handshake for peer 1 did not complete after 5 seconds, retrying (try
12)
[330] wg1: Sending handshake initiation to peer 1
[330] wg1: Unable to send packet: 47

"wg show" shows a difference with this patch.

Without this patch:

$ wg show
interface: wg1
  public key: <secret>
  listening port: 51820

peer: <secret>
  endpoint: a.b.c.d:51820
  allowed ips: 10.251.0.3/32
  transfer: 0 B received, 261.17 KiB sent
  persistent keepalive: every 30 seconds

With this patch there is no endpoint recorded because the incoming traffic is
"missing":

$ wg show
interface: wg1
  public key: <secret>
  listening port: 51820

peer: <secret>
  allowed ips: 10.251.0.3/32
  transfer: 0 B received, 11.27 KiB sent
  persistent keepalive: every 30 seconds

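As an added diagnostic that is not part of the bug report or of the if_wg(4) code: a small checker that parses tcpdump UDP lines in the wrapped form shown above, classifies WireGuard messages by UDP payload size (148 initiation, 92 response, 64 cookie reply, otherwise transport data), and flags frames whose direction, judged by the source MAC, disagrees with the UDP 5-tuple, which is what a reply sent with the initiation's src/dst instead of the mirrored tuple looks like on the wire. The local MAC, local address, listen port and the capture lines are constructed assumptions, not values from the report.

```python
import re
from dataclasses import dataclass

# WireGuard message sizes in UDP payload bytes; anything else >= 32 is transport data.
WG_MSG = {148: "handshake-initiation", 92: "handshake-response", 64: "cookie-reply"}

TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
PKT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}),.*?: "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): UDP, length (?P<ulen>\d+)$"
)

# Constructed sample in tcpdump's wrapped output format (addresses are documentation ranges).
# Frame 2 is an egress reply that still carries the initiator's src/dst; frame 3 is correct.
SAMPLE = """\
08:29:57.135466 aa:aa:aa:aa:aa:01 > bb:bb:bb:bb:bb:02, ethertype IPv4 (0x0800),
length 190: 203.0.113.9.23423 > 192.0.2.2.51820: UDP, length 148
08:29:57.135523 bb:bb:bb:bb:bb:02 > aa:aa:aa:aa:aa:01, ethertype IPv4 (0x0800),
length 134: 203.0.113.9.23423 > 192.0.2.2.51820: UDP, length 92
08:29:59.000001 bb:bb:bb:bb:bb:02 > aa:aa:aa:aa:aa:01, ethertype IPv4 (0x0800),
length 134: 192.0.2.2.51820 > 203.0.113.9.23423: UDP, length 92
"""

@dataclass
class Pkt:
    ts: str; smac: str; dmac: str; src: str; sport: int; dst: str; dport: int; ulen: int
    @property
    def kind(self) -> str:
        return WG_MSG.get(self.ulen, "transport-data" if self.ulen >= 32 else "not-wireguard")

def join_wrapped(text: str) -> list:
    """Glue continuation lines (no leading timestamp) onto the preceding record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TS_RE.match(line):
            records.append(line.rstrip())
        elif records:
            records[-1] += " " + line.strip()
    return records

def parse(text: str) -> list:
    out = []
    for rec in join_wrapped(text):
        m = PKT_RE.match(rec)
        if m:
            d = m.groupdict()
            out.append(Pkt(d["ts"], d["smac"], d["dmac"], d["src"], int(d["sport"]),
                           d["dst"], int(d["dport"]), int(d["ulen"])))
    return out

def check_orientation(pkts: list, local_mac: str, local_ip: str, listen_port: int) -> list:
    """Return (packet, problem) pairs where the frame direction and the UDP tuple disagree."""
    findings = []
    for p in pkts:
        if p.smac == local_mac:   # egress frame: the UDP source must be our listener
            if (p.src, p.sport) != (local_ip, listen_port):
                findings.append((p, f"egress {p.kind} sourced from {p.src}:{p.sport}, "
                                    f"expected {local_ip}:{listen_port}"))
        elif (p.dst, p.dport) != (local_ip, listen_port):  # ingress: must be addressed to us
            findings.append((p, f"ingress {p.kind} addressed to {p.dst}:{p.dport}"))
    return findings

if __name__ == "__main__":
    for p, why in check_orientation(parse(SAMPLE), "bb:bb:bb:bb:bb:02", "192.0.2.2", 51820):
        print(p.ts, why)
```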