summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVitaliy Makkoveev <mvs@cvs.openbsd.org>2023-02-02 09:34:18 +0000
committerVitaliy Makkoveev <mvs@cvs.openbsd.org>2023-02-02 09:34:18 +0000
commit8f90065c70685da06a8e64cc56bbdb17fda3af71 (patch)
treee9559587920650fbdf39b44e2975dc26ceb75f28
parentaac80fa4a19e8b726fbd45a29731d2cf09126e77 (diff)
Deny "pipex no" tunnel setting for pppx(4) interfaces. They are useless
with disabled pipex(4), because in such case npppd(8) successfully establishes connection, but doesn't create corresponding interface, so the traffic doesn't flow. This is not applicable for pppac(4) interfaces, they work with disabled pipex(4). ok yasuoka@
-rw-r--r--usr.sbin/npppd/npppd/npppd.conf.59
-rw-r--r--usr.sbin/npppd/npppd/parse.y10
2 files changed, 16 insertions, 3 deletions
diff --git a/usr.sbin/npppd/npppd/npppd.conf.5 b/usr.sbin/npppd/npppd/npppd.conf.5
index 779f17c223f..929d39ce29b 100644
--- a/usr.sbin/npppd/npppd/npppd.conf.5
+++ b/usr.sbin/npppd/npppd/npppd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: npppd.conf.5,v 1.30 2022/03/31 17:27:30 naddy Exp $
+.\" $OpenBSD: npppd.conf.5,v 1.31 2023/02/02 09:34:17 mvs Exp $
.\"
.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: February 2 2023 $
.Dt NPPPD.CONF 5
.Os
.Sh NAME
@@ -362,6 +362,11 @@ variable
.Va net.pipex.enable
should also be enabled to use
.Xr pipex 4 .
+This value must be
+.Dq yes
+for
+.Xr pppx 4
+interfaces.
.It Ic debug-dump-pktin Ar protocol ...
If this option is specified,
.Xr npppd 8
diff --git a/usr.sbin/npppd/npppd/parse.y b/usr.sbin/npppd/npppd/parse.y
index b3126a0595d..e8f607f5118 100644
--- a/usr.sbin/npppd/npppd/parse.y
+++ b/usr.sbin/npppd/npppd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.25 2021/10/15 15:01:28 naddy Exp $ */
+/* $OpenBSD: parse.y,v 1.26 2023/02/02 09:34:17 mvs Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -924,6 +924,14 @@ bind : BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING {
free($9);
YYERROR;
}
+ if (tunn->pipex == 0 && iface->is_pppx) {
+ yyerror("pipex should be enabled for"
+ " interface %s", $9);
+ free($4);
+ free($7);
+ free($9);
+ YYERROR;
+ }
if ((n = malloc(sizeof(struct confbind))) == NULL) {
yyerror("out of memory");
free($4);