Re: sysctl ip.forwarding 2

[Klemens Nanni]

On Fri, Jan 15, 2021 at 02:07:56PM +0100, Alexander Bluhm wrote:
> As documented in sysctl(2) net.inet.ip.forwarding can be 2.
> 
> netinet/ip_output.c:448
>       if (ipsec_in_use && (flags & IP_FORWARDING) && (ipforwarding == 2) &&
> 
> Current input validation prevents this.  
> # sysctl net.inet.ip.forwarding=2
> sysctl: net.inet.ip.forwarding: Invalid argument
> 
> Also change bool check to integer comparison consistently.
That reads OK (still building to test the other af-to diff on my router).