summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorClaudio Jeker <claudio@cvs.openbsd.org>2007-02-16 13:41:22 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2007-02-16 13:41:22 +0000
commit3e45286e9c97f4bf4efb480dfb32e75e0c757375 (patch)
tree54344605fa89ae233f5d59f4dd2618d14db564c3
parent9f4397c5106f62f2488f78970d51221811db2efa (diff)
Unbreak ppp(8) over tun(4) by restriciting the flags that can be changed
via TUNSIFINFO. ppp(8) was happily clearing the RUNNING flag and so all incomming packets where dropped. Issue reported by irix <at> ukr <dot> net. While there check that the mtu is in a valid range -- stolen from SIOCSIFMTU case.
-rw-r--r--sys/net/if_tun.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c
index d57064f7f53..20b629bb6f0 100644
--- a/sys/net/if_tun.c
+++ b/sys/net/if_tun.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_tun.c,v 1.83 2007/02/06 10:49:40 claudio Exp $ */
+/* $OpenBSD: if_tun.c,v 1.84 2007/02/16 13:41:21 claudio Exp $ */
/* $NetBSD: if_tun.c,v 1.24 1996/05/07 02:40:48 thorpej Exp $ */
/*
@@ -111,6 +111,9 @@ int tundebug = TUN_DEBUG;
#define TUNDEBUG(a) /* (tundebug? printf a : 0) */
#endif
+/* Only these IFF flags are changeable by TUNSIFINFO */
+#define TUN_IFF_FLAGS (IFF_UP|IFF_POINTOPOINT|IFF_MULTICAST|IFF_BROADCAST)
+
extern int ifqmaxlen;
void tunattach(int);
@@ -612,9 +615,15 @@ tunioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
switch (cmd) {
case TUNSIFINFO:
tunp = (struct tuninfo *)data;
+ if (tunp->mtu < ETHERMIN || tunp->mtu > TUNMRU) {
+ splx(s);
+ return (EINVAL);
+ }
tp->tun_if.if_mtu = tunp->mtu;
tp->tun_if.if_type = tunp->type;
- tp->tun_if.if_flags = tunp->flags;
+ tp->tun_if.if_flags =
+ (tunp->flags & TUN_IFF_FLAGS) |
+ (tp->tun_if.if_flags & ~TUN_IFF_FLAGS);
tp->tun_if.if_baudrate = tunp->baudrate;
break;
case TUNGIFINFO: