Understanding Protocol / State Machine
Iain Douglas
wireguard at 1n6.org.uk
Fri Dec 21 19:18:35 CET 2018
Hi,
I have been investigating what happens when a peer crashes/goes away for
some reason and the configuration is reset.
My test setup is quite simple, I have 2 peers and one is acting as a
gateway for the other for the remote address 8.8.8.8.
I can ping 8.8.8.8 and traffic goes over the WireGuard link as expected.
When I want to test I delete the key on the peer and add it again.
WireGuard is the latest version from CentOS repo 0.0.20181218-1.
I see three different things happening depending on when the last
handshake took place.
1. Handshake < 119 seconds ago the link takes ~ 15 seconds to recover
2. Handshake between 120 and 179 seconds ago - 1st packet is lost then
link recovers
3. Handshake >=180 seconds ago - link just works as normal.
It is (2) that I don't understand. When I look at the packets sent I see
ping out
handshake out
handshake response
No reply to the ping
However for (3) above I see
handshake out
handshake response
ping
ping reply
So for (3) I guess that the ping is queued until after the handshake
occurs.
Having watched Jason's talk at the Linux Plumbers conference I was
expecting what happens at (3) to be at (2).
Can someone enlighten me as to why the first packet at (2) is sent
before the handshake?
Cheers
Iain
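
Added example, not part of the original message and not WireGuard's own code: a simplified Python model of the sender-side timer rules from the WireGuard whitepaper, showing how the three observed cases line up with REKEY_AFTER_TIME (120 s), REJECT_AFTER_TIME (180 s) and KEEPALIVE_TIMEOUT + REKEY_TIMEOUT (15 s). It assumes the local peer initiated the current session and that no handshake is already in flight; the function names are hypothetical.

```python
# Timer constants in seconds, from the WireGuard protocol whitepaper.
REKEY_AFTER_TIME = 120
REJECT_AFTER_TIME = 180
REKEY_TIMEOUT = 5
KEEPALIVE_TIMEOUT = 10

SEND_DATA = "data packet (current session keys)"
SEND_INIT = "handshake initiation"
QUEUE = "queue data packet until handshake completes"


def on_send(session_age, is_initiator=True):
    """Ordered actions when the local peer is handed a packet to transmit.

    session_age: seconds since the last completed handshake (None = no session).
    Simplified model (assumption): no handshake is already in flight.
    """
    if session_age is None or session_age >= REJECT_AFTER_TIME:
        # Session too old to encrypt with: hold the packet, handshake first.
        return [QUEUE, SEND_INIT]
    actions = [SEND_DATA]
    if is_initiator and session_age >= REKEY_AFTER_TIME:
        # Still usable but due for rekey: data goes out first, then the handshake.
        actions.append(SEND_INIT)
    return actions


def after_remote_reset(session_age, is_initiator=True):
    """(first_packet_lost, seconds_until_new_handshake) when the remote
    peer has discarded its session state but the local peer has not."""
    actions = on_send(session_age, is_initiator)
    lost = SEND_DATA in actions  # remote cannot decrypt with keys it no longer holds
    if SEND_INIT in actions:
        return lost, 0
    # Nothing comes back for the data packet, so the local peer starts a
    # new handshake once KEEPALIVE_TIMEOUT + REKEY_TIMEOUT has elapsed.
    return lost, KEEPALIVE_TIMEOUT + REKEY_TIMEOUT


if __name__ == "__main__":
    for age in (60, 150, 200):  # constructed sample ages, one per observed case
        print(age, on_send(age), after_remote_reset(age))
```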