diff options
author | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2023-02-02 09:34:18 +0000 |
---|---|---|
committer | Vitaliy Makkoveev <mvs@cvs.openbsd.org> | 2023-02-02 09:34:18 +0000 |
commit | 8f90065c70685da06a8e64cc56bbdb17fda3af71 (patch) | |
tree | e9559587920650fbdf39b44e2975dc26ceb75f28 | |
parent | aac80fa4a19e8b726fbd45a29731d2cf09126e77 (diff) |
Deny "pipex no" tunnel setting for pppx(4) interfaces. They are useless
with disabled pipex(4), because in such case npppd(8) successfully
establishes connection, but doesn't create corresponding interface, so
the traffic doesn't flow.
This is not applicable for pppac(4) interfaces, they work with disabled
pipex(4).
ok yasuoka@
-rw-r--r-- | usr.sbin/npppd/npppd/npppd.conf.5 | 9 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/parse.y | 10 |
2 files changed, 16 insertions, 3 deletions
diff --git a/usr.sbin/npppd/npppd/npppd.conf.5 b/usr.sbin/npppd/npppd/npppd.conf.5 index 779f17c223f..929d39ce29b 100644 --- a/usr.sbin/npppd/npppd/npppd.conf.5 +++ b/usr.sbin/npppd/npppd/npppd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: npppd.conf.5,v 1.30 2022/03/31 17:27:30 naddy Exp $ +.\" $OpenBSD: npppd.conf.5,v 1.31 2023/02/02 09:34:17 mvs Exp $ .\" .\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: February 2 2023 $ .Dt NPPPD.CONF 5 .Os .Sh NAME @@ -362,6 +362,11 @@ variable .Va net.pipex.enable should also be enabled to use .Xr pipex 4 . +This value must be +.Dq yes +for +.Xr pppx 4 +interfaces. .It Ic debug-dump-pktin Ar protocol ... If this option is specified, .Xr npppd 8 diff --git a/usr.sbin/npppd/npppd/parse.y b/usr.sbin/npppd/npppd/parse.y index b3126a0595d..e8f607f5118 100644 --- a/usr.sbin/npppd/npppd/parse.y +++ b/usr.sbin/npppd/npppd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.25 2021/10/15 15:01:28 naddy Exp $ */ +/* $OpenBSD: parse.y,v 1.26 2023/02/02 09:34:17 mvs Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -924,6 +924,14 @@ bind : BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING { free($9); YYERROR; } + if (tunn->pipex == 0 && iface->is_pppx) { + yyerror("pipex should be enabled for" + " interface %s", $9); + free($4); + free($7); + free($9); + YYERROR; + } if ((n = malloc(sizeof(struct confbind))) == NULL) { yyerror("out of memory"); free($4); |