Subject: Re: misc/3212: Source routing configuration problem
To: Kevin M. Lahey <kml@nas.nasa.gov>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 02/18/1997 00:38:38
Kevin Lahey writes:
In message <199702151605.LAA10726@Twig.Rodents.Montreal.QC.CA> der Mouse writes:
>>      NetBSD ships with 'net.inet.ip.forwsrcrt = 1'.  This means it
>>      will forward source routed packets.
>
>This is as it should be.  Source routes are in IP for a reason, and
>they're useful in some cases (most cases where I've wished for them
>have been fault isolation debugging).  Yes, it's unfortunate that there
>are a lot of hosts out there that handle them wrong, but that's not the
>fault of source routes and breaking source routes is the wrong fix.

>I kind of liked the other idea in this pr, namely, adding an option
>to discard source routed packets as they arrive, so that they don't
>make it up the protocol stack.  RFC1122 explicitly states that
>source routed packets MUST be handed up the protocol state, but
>perhaps it was a product of a kinder and gentler age.  It would
>be really easy to add 'net.inet.ip.acceptsrcrt'.
>
>Would anyone object to such an addition?

How about the alternative:

	net.inet.ip.drop.src-rt

I find the `drop' names reflect the intent more clearly.  It's more
extensible and consistent with, e.g., ip_fil usage, too.
Is there any other IP traffic that one would want toggles to drop?