On 2020-10-29, Pierre Emeriaud <[email protected]> wrote:
> On Thu, 29 Oct 2020 at 01:20, Theo de Raadt <[email protected]> wrote:
>>
>> I believe you are running into the restriction that we don't allow an
>> INADDR_ANY:port binding to be done after an ipaddr:port binding has been
>> done. It must be done beforehand.
>
> Sorry Theo, maybe things got lost in translation, but if my
> understanding is correct this is not exactly the case here. wg is
> trying to bind to INADDR_ANY, which fails because a dns daemon (in my
> case) is already bound to 127.0.0.1:53 (in wg_socket_open() -L700 of
> if_wg.c-, sin->sin_addr.s_addr = INADDR_ANY?).

There are extra restrictions, to prevent some software "stealing" packets
intended for some other software. In userland, software that wants to
coexist with other software on the same port but a different bound IP
needs to use SO_REUSEADDR (I forgot exactly how the restrictions work
though). The problem you are seeing might be related to this. Which DNS
server do you have bound on 53?

> Is there a reason why wg needs such a large bind?

Unless/until it gets an option to bind to a specific IP that's all it can
sanely do. It would definitely be useful IMO.
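The bind order discussed in this thread can be checked on a given kernel with a small UDP probe that binds 127.0.0.1:port first and then INADDR_ANY on the same port, with and without SO_REUSEADDR. This is an added example, not part of the message and not code from if_wg.c; the function names are hypothetical, and because the rules differ between kernels it reports what it observes rather than asserting OpenBSD's behaviour.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Added example; helper names are hypothetical, not taken from if_wg.c. */
/* Bind a UDP socket to addr:port (host byte order). Returns fd or -errno. */
static int udp_bind(in_addr_t addr, unsigned short port, int reuse)
{
    struct sockaddr_in sin;
    int e, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(addr);
    sin.sin_port = htons(port);
    if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)) < 0) ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        e = errno;
        close(fd);
        return -e;
    }
    return fd;
}

/* Specific bind first, then wildcard on the same port: 0 ok, >0 errno, -1 setup failed. */
int wildcard_after_specific(int reuse)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int rc = -1, any, first = udp_bind(INADDR_LOOPBACK, 0, reuse);
    if (first < 0) return -1;
    if (getsockname(first, (struct sockaddr *)&sin, &len) == 0) {
        any = udp_bind(INADDR_ANY, ntohs(sin.sin_port), reuse);
        rc = any < 0 ? -any : 0;
        if (any >= 0) close(any);
    }
    close(first);
    return rc;
}

int main(void)
{
    int r0 = wildcard_after_specific(0), r1 = wildcard_after_specific(1);
    printf("without SO_REUSEADDR: %s\n", r0 > 0 ? strerror(r0) : r0 ? "setup failed" : "bind ok");
    printf("with SO_REUSEADDR:    %s\n", r1 > 0 ? strerror(r1) : r1 ? "setup failed" : "bind ok");
    return 0;
}
```

Running it on the affected host shows whether the wildcard bind is refused outright or only when the earlier socket did not set SO_REUSEADDR.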

