DF-0409
Unprivileged users can install IP source-route options (LSRR/SSRR) without privilege check
Summary
ip_ctloutput IP_OPTIONS(:1097-1118) accepts LSRR/SSRR from any socket owner with no priv_check/cap check. ip_pcbopts(:1374-1402) happily installs source-routed options. Unprivileged user emits source-routed packets -> ARP/IP spoofing, ingress-filter bypass. Modern BSDs/Linux require privilege. Policy/hardening gap.