Hello,

On Mon, Jun 17, 2024 at 02:19:05PM +0200, Alexander Bluhm wrote:
> Hi,
> 
> In IPv4 we use IP_FORWARDING to pass down a consistent value of
> net.inet.ip.forwarding down the stack.  This is needed for unlocking
> sysctl.  I would like to do the same for IPv6.
> 
> Read ip6_forwarding once in ip6_input_if() and pass down IPV6_FORWARDING
> as flags to ip6_ours(), ip6_hbhchcheck(), ip6_forward().  Replace
> the srcrt value with IPV6_REDIRECT flag for consistency with IPv4.
> 
> To have consistent syntax with IPv4, use ip6_forwarding == 0 checks
> instead of !ip6_forwarding.  This will also make it easier to
> implement net.inet6.ip6.forwarding=2 for IPsec only forwarding
> later.
> 
> There is a little change for IPv4 behavior.  Before we did accept
> redirects if ip_forwarding == 2 in icmp_input_if(), now we reject
> them for 1 and 2.  Claudio had some concerns here and I think he
> is right.  I have to make the same decision for IPv6.
> 
> In nd6_ns_input() and nd6_na_input() I read ip6_forwarding once and
> store it in i_am_router.  The variable name is chosen to avoid
> confusion with is_router, which indicates router flag of the packet.
> Reading of ip6_forwarding is done independently from ip6_input_if(),
> consistency does not really matter.  One is for ND router befavior
> the other for forwarding.  Again I use the ip6_forwarding != 0
> check, so when ip6_forwarding IPsec only value 2 gets implemented,
> it will behave like a router.
> 
> ok?
> 

this change looks good to me.

OK sashan