npppd(8) clears these flags before it releases IP address assigned to
pipex(4) session. This IP could be used for other session, so we should
not process packets when these flags are not set.
We do PIPEX_SFLAGS_IP{,6}_FORWARD flags check within pipex_ip_output()
called by pppac_qstart(), but the pppx_if_qstart() has this check
missing on pipex(4) output path. Do the check and purge packets if these
flags are not set.
Index: sys/net/if_pppx.c
===================================================================
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.116
diff -u -p -r1.116 if_pppx.c
--- sys/net/if_pppx.c 26 Jun 2022 15:50:21 -0000 1.116
+++ sys/net/if_pppx.c 26 Jun 2022 22:34:24 -0000
@@ -802,6 +802,13 @@ pppx_if_qstart(struct ifqueue *ifq)
int proto;
NET_ASSERT_LOCKED();
+
+ if ((pxi->pxi_session->flags & (PIPEX_SFLAGS_IP_FORWARD |
+ PIPEX_SFLAGS_IP6_FORWARD)) == 0) {
+ ifq_purge(ifq);
+ return;
+ }
+
while ((m = ifq_dequeue(ifq)) != NULL) {
proto = *mtod(m, int *);
m_adj(m, sizeof(proto));
