author Alexander Bluhm <bluhm@cvs.openbsd.org> 2024-07-04 12:50:09 +0000
committer Alexander Bluhm <bluhm@cvs.openbsd.org> 2024-07-04 12:50:09 +0000
commit f0e1183340f752375b58c4b49995db4f0c31b624 (patch)
tree 1416868094f0e80c39a6baf845bc6d5b8ab8943b /usr.sbin
parent 634420a0f2f3a1ee0096877563d809f13d3762d7 (diff)
Implement IPv6 forwarding IPsec only.
IPsec gateways set the forwarding sysctl to 2. While this has worked for IPv4 for a long time, adapt this feature for IPv6 now. Set sysctl net.inet6.ip6.forwarding=2 to forward only packets that have been processed by IPsec. Set IPV6_FORWARDING_IPSEC in ip6_input() and pass the flag down to the call stack. This provides a consistent view on global variable ip6_forwarding. In ip6_output() or ip6_forward() drop packets that do not match the policy.

OK denis@
Diffstat (limited to 'usr.sbin')
0 files changed, 0 insertions, 0 deletions