>But I feel much happier with my bastion
>host having tried and failed to source route through it, than not knowing
>whether I got the kernel mods right. (Especially when it is Linux, and
>there is no-one to sue if it doesn't do as it claims).
A word of warning... the reason linux is safe *NOW* from source routing
packets is the routines in /usr/src/linux/net/inet/ip.c to do source
routing arent written yet. This WILL change in the future. (Hopefully
with an appropriate #define to turn it off).
>From linux 1.1.11 /usr/src/linux/net/inet/ip.c
/* these two routines will do routing. */
strict_route(struct iphdr *iph, struct options *opt)
loose_route(struct iphdr *iph, struct options *opt)
Please watch your future kernel installs (if you feel the need to do them)
for the implmentation of source routing.