Deny "pipex no" tunnel setting for pppx(4) interfaces. They are useless

with disabled pipex(4), because in such case npppd(8) successfully
establishes connection, but doesn't create corresponding interface, so
the traffic doesn't flow.

This is not applicable for pppac(4) interfaces, they work with disabled
pipex(4).

ok yasuoka@

usr.sbin/npppd/npppd/npppd.conf.5

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: npppd.conf.5,v 1.30 2022/03/31 17:27:30 naddy Exp $
+.\"	$OpenBSD: npppd.conf.5,v 1.31 2023/02/02 09:34:17 mvs Exp $
 .\"
 .\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: February 2 2023 $
 .Dt NPPPD.CONF 5
 .Os
 .Sh NAME
@@ -362,6 +362,11 @@ variable
 .Va net.pipex.enable
 should also be enabled to use
 .Xr pipex 4 .
+This value must be
+.Dq yes
+for
+.Xr pppx 4
+interfaces.
 .It Ic debug-dump-pktin Ar protocol ...
 If this option is specified,
 .Xr npppd 8

usr.sbin/npppd/npppd/parse.y

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.25 2021/10/15 15:01:28 naddy Exp $ */
+/*	$OpenBSD: parse.y,v 1.26 2023/02/02 09:34:17 mvs Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -924,6 +924,14 @@ bind		: BIND TUNNEL FROM STRING AUTHENTICATED BY STRING TO STRING {
 				free($9);
 				YYERROR;
 			}
+			if (tunn->pipex == 0 && iface->is_pppx) {
+				yyerror("pipex should be enabled for"
+				    " interface %s", $9);
+				free($4);
+				free($7);
+				free($9);
+				YYERROR;
+			}
 			if ((n = malloc(sizeof(struct confbind))) == NULL) {
 				yyerror("out of memory");
 				free($4);