IPv6 per-interface forwarding via force_forwarding sysctl

[Copilot]

Description

IPv6's forwarding sysctl behaves differently than IPv4 - it cannot be disabled per-interface, only globally. Linux 6.17+ provides force_forwarding which enables true per-interface control, correctly mapping to ietf-ip.yang semantics.

Configuration (confd)

• Use net.ipv6.conf.<iface>.force_forwarding for per-interface control
• Use net.ipv6.conf.all.force_forwarding for global setting
• Added kernel documentation references in code comments

Operational State (statd)

• Read force_forwarding sysctl when determining routing interfaces
• Updated get_routing_interfaces() to check both IPv4 and IPv6 forwarding

Platform

• Bumped riscv64 kernel 6.8.2 → 6.18.7 to match other platforms and enable new sysctl

Documentation

• Updated doc/ip.md with force_forwarding explanation and kernel documentation quotes
• Added ChangeLog entry

Testing

• New regression test at test/case/interfaces/routing_ipv6/
• Verifies bidirectional forwarding enable/disable with single DUT, two data interfaces

// Before: Standard IPv6 forwarding (global only)
fprintf(sysctl, "net.ipv6.conf.all.forwarding = %d\n", ena);

// After: Per-interface control via force_forwarding
fprintf(sysctl, "net.ipv6.conf.all.force_forwarding = %d\n", ena);
fprintf(sysctl, "net.ipv6.conf.%s.force_forwarding = %d\n", ifname, ena);

Checklist

Tick relevant boxes, this PR is-a or has-a:

• Bugfix
  • Regression tests
  • ChangeLog updates (for next release)
• Feature
  • YANG model change => revision updated?
  • Regression tests added?
  • ChangeLog updates (for next release)
  • Documentation added?
• Test changes
  • Checked in changed Readme.adoc (make test-spec)
  • Added new test to group Readme.adoc and yaml file
• Code style update (formatting, renaming)
• Refactoring (please detail in commit messages)
• Build related changes
• Documentation content changes
  • ChangeLog updated (for major changes)
• Other (please describe):

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Handle IPv6 forwarding with netfilter</issue_title>
<issue_description>Compared to /proc/sys/net/ipv4/conf/forwarding, /proc/sys/net/ipv6/conf/forwarding is not working in the same way. For details, see https://docs.kernel.org/networking/ip-sysctl.html

/proc/sys/net/ipv6/conf/all/forwarding is enabled by default and can only be overridden per interface with a netfilter rule: disabling forwarding of IPv6 traffic on ingress, when yang ipv6 forwarding is disabled.

</issue_description>

<agent_instructions>The initial issue description is slightly outdated, the follow-up comment I made Dec 5, 2005 describes the real fix that we need to do to map the ietf-ip.yang IPv6 setting to the new the force-forwarding sysctl. This can now be used since we've switched all platforms except riscv64, so the secondary objective for you is to bump the riscv platform to the same 6.18.x kernel version as the other boards have.

Note: we have two types of defconfigs in this Buildroot derivative, boot and regular, the latter are sub-divided into full and minimal, only the minimal ones have it in the name.

The code to change in your primary objective is located in src/confd/src/ and the corresponding YANG model(s) are in src/confd/yang/ -- good luck, and please get back to me if you have any further questions.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@troglobit Great news, in [Linux 6.17](https://lore.kernel.org/netdev/20250727013451.2436467-1-kuba@kernel.org/) the IPv6 sysctl [per-interface option `force_forwarding`](https://lore.kernel.org/netdev/175348186474.3265195.6030564834693464068.git-patchwork-notify@kernel.org/) was merged! @wkz > Great news, in [Linux 6.17](https://lore.kernel.org/netdev/20250727013451.2436467-1-kuba@kernel.org/) the IPv6 sysctl [per-interface option `force_forwarding`](https://lore.kernel.org/netdev/175348186474.3265195.6030564834693464068.git-patchwork-notify@kernel.org/) was merged!

Great find!</comment_new>

• Fixes Handle IPv6 forwarding with netfilter #515

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.