From nobody Tue Nov 11 07:33:59 2025
X-Original-To: net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d5JF45vB4z6Fy9K
	for <net@mlmmj.nyi.freebsd.org>; Tue, 11 Nov 2025 07:34:00 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4d5JF43qBJz43CL
	for <net@FreeBSD.org>; Tue, 11 Nov 2025 07:34:00 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1762846440;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=TLhisWR/4Nop7dwXbXp45e0luHBI6Xo3DTt/jKElIsI=;
	b=ZgbMqBVmCM9Z/82LFwcsPtF/q/g6sYkr7AQWw6fzzH/vy3HCCNhjDbDxO+jf/vD4RDfAl3
	rj7DuQ6mT2v+BQ/2R+naXsMOYN5pZZ7hYeWjbhCR+od5Fi5AjURbh5un81AxhB6FzMtOS4
	cs3WBmIuUodZUnHFNRNgO8c8cq09SmRU0AhTYG/8uvBtrATHYu5tBa1jjuo4HDgyeFqfKk
	TnSz7FYtvlNQY41JTBHsu3niVig+z1xZPvks9bkjvF6BmOZ4y4pD8OE/Rl0sQ9sAZr9gN1
	9tRJyxVOi9/LTTqpKUDBB9JmhJMtSJinr3lam1aBdV1W/XKUCIJEclwPNxCmyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1762846440;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=TLhisWR/4Nop7dwXbXp45e0luHBI6Xo3DTt/jKElIsI=;
	b=h7cM8vz9PiWSAgGlifaWbpPHMBGSal3abx0p2Ra+76t/QI/33BcrE9V5WBKeWXSs0kVN85
	w0hMfAbxnmhxJzXF2wGRYseeN9s1wA8rPsaxK+tOyiNm61pEr7k1P+g7x3vS252/QklNHA
	HHtv1H7U25C1ukLY1UEoE5zDgRwS4XhvyqMLwBKb11wtB7J0UPhMwE9PJXSuUXA5t3E049
	760ERVkqH+5P19xSgnkQueLC1QnIWTa9HtuFwBx8gb9mQLLxJmiFBqU2qzfGrqa6zvMSsI
	aMCaQ3SiC2tlDD8gLBQYe7sYp3d9ag88r0vCluH13s4pT1AgAlcizNsnBla1vQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1762846440; a=rsa-sha256; cv=none;
	b=Uh5ek//P0tBFJIp7oB4ffF+2fjyLy8cprwtoMuN+bI7+mzaA8fBjFOq2g16nFMEbXZwY9A
	qGbZWwqLOyjM0Qsx+GbijVVF2UEWialhmctL77eXdnS7R4V4t/FVITp7EcaNfGnbFjj1AI
	oJk5lGPvMO7ttzOFJJTpPgIB9fP2HX7lxu9FXpsZ9NNyYkoL2EgiOXScvpQqr1AyZgf4fb
	o7VzXV7go26aN9P4H+n6wwTfumz2kaKfOaIFtKHWw+mAi+Rw6Z5mDRcaqJ596h5CZc6T2X
	QqMvhGk6mYIQ95aUGAgOB6SKxx0NGCU4bjVPAYFXWpNhwK0vZHoFWyGM8au+Rw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d5JF43HwGzvdl
	for <net@FreeBSD.org>; Tue, 11 Nov 2025 07:34:00 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 5AB7Y04U004277
	for <net@FreeBSD.org>; Tue, 11 Nov 2025 07:34:00 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 5AB7Y0F4004276
	for net@FreeBSD.org; Tue, 11 Nov 2025 07:34:00 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 290768] if_wg(4): handshake response has src and dst reverse
Date: Tue, 11 Nov 2025 07:33:59 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: it@vineyard-sha.de
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-290768-7501-IZRwMTfQIi@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-290768-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-290768-7501@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D290768

--- Comment #10 from relvy <it@vineyard-sha.de> ---
(In reply to Kyle Evans from comment #8)

I tested the patch on top of the other one.

tcpdump output:
08:29:57.135466 e0:28:6d:89:6b:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x08=
00),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148
08:29:57.135523 00:90:27:e6:33:13 > e0:28:6d:89:6b:02, ethertype IPv4 (0x08=
00),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148
08:30:02.246290 e0:28:6d:89:6b:02 > 00:00:5e:00:01:01, ethertype IPv4 (0x08=
00),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148
08:30:02.246315 00:90:27:e6:33:13 > e0:28:6d:89:6b:02, ethertype IPv4 (0x08=
00),
length 190: a.b.c.d.23423 > 192.168.178.2.51820: UDP, length 148

I see no incoming traffic when I initiate the VPN from my peer.
I see only the reply with correct src / dst IP and with reversed src / dst
port.

In dmesg I still see the error code 47 (EAFNOSUPPORT)

[330] wg1: Handshake for peer 1 did not complete after 5 seconds, retrying =
(try
12)
[330] wg1: Sending handshake initiation to peer 1
[330] wg1: Unable to send packet: 47

"wg show" shows a difference with this patch.

Without this patch:

$ wg show
interface: wg1
  public key: <secret>
  listening port: 51820

peer: <secret>
  endpoint: a.b.c.d:51820
  allowed ips: 10.251.0.3/32
  transfer: 0 B received, 261.17 KiB sent
  persistent keepalive: every 30 seconds

With this patch there is no endpoint recorded because the incoming traffic =
is
"missing":

$ wg show
interface: wg1
  public key: <secret>
  listening port: 51820

peer: <secret>
  allowed ips: 10.251.0.3/32
  transfer: 0 B received, 11.27 KiB sent
  persistent keepalive: every 30 seconds

--=20
You are receiving this mail because:
You are the assignee for the bug.=