Yes, Linux has a "securelevel" and immutable/append-only bits and yes, Linux
is still catching up with "debugging" TCP/IP in the kernel (no, this is not
a reference to packet storming attacks)...
...I've just been searching the diffs for Linux kernel patches for anything
in their ipv4 directory - worth reading these patches (yes, this means 2.0
and 2.1 too) for problems that have `survived' this long.
Give it another year or so to arrive at a point where people won't remove
checks for "sanity" in IP packets or bad make optimisations because it is
recognised as being "reliable" and "efficient" and further change is _WELL