Subject: Re: unconnected inpcb and redirects
To: Jun-ichiro itojun Hagino <itojun@iijlab.net>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 12/22/2000 20:35:29

> i believe netbsd/openbsd approach is better, since ICMP redirects
> are rare case.

Depends on the network.. If you've got multiple routers connected to
the network (admittedly a rare configuration for the typical
non-transit subnet where most hosts live), redirects become fairly
common..

> here are other possible ways to improve the behavior:
> - about (1) and (2), have a lowat/hiwat for # of host route entries
> created by ICMP redirects/too bigs (no validation, make sure
> there's no memory overflow). i'm not sure what is the best
> value for lowat/hiwat.

When in doubt, make them tuneable.. One redirect/pmtu route per
active socket would be reasonable for a primarily tcp-based workload,
though not for a udp-based workload...

> also i'm not sure about how to pick a victim, and how it
> will behave under starvation cases.

Hmm. Possibly hard to implement but likely well behaved under a DoS
flood:

Separate redirect routes into two categories:
  (a) - routes which have been used to send a packet
  (b) - routes which have not been used.

if set (b) is non-empty, pick a member at random and delete it.
otherwise, pick a member of (a) at random and delete it.

You are thus unlikely to kill a "useful" route..
- Bill
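
Added example, not part of the original message and not taken from any BSD kernel: a userspace C model of the victim selection described above, showing that a flood of never-used redirect routes evicts only other unused routes while used ones survive. HIWAT, struct rroute and all function names are hypothetical, and rand() stands in for whatever random source a kernel would use.

```c
#include <stdint.h>
#include <stdlib.h>
#define HIWAT 4   /* constructed limit on redirect routes; would be a tunable */

static struct rroute { uint32_t dst; int used; } tbl[HIWAT];
static int nroutes;

/* Victim index: random member of set (b) (unused) if any, else of set (a). */
static int pick_victim(void)
{
    int unused = 0, i, k;
    for (i = 0; i < nroutes; i++)
        unused += !tbl[i].used;
    if (unused == 0)
        return rand() % nroutes;    /* starvation: every route is in use */
    k = rand() % unused;
    for (i = 0; i < nroutes; i++)
        if (!tbl[i].used && k-- == 0)
            break;
    return i;
}

/* Install a redirect route. Returns -1 (no eviction), 0 (unused evicted), 1 (used evicted). */
static int redirect_add(uint32_t dst)
{
    int lost = -1;
    if (nroutes == HIWAT) {
        int v = pick_victim();
        lost = tbl[v].used;
        tbl[v] = tbl[--nroutes];    /* compact: move last entry into the hole */
    }
    tbl[nroutes++] = (struct rroute){ dst, 0 };
    return lost;
}

/* A packet was sent via this route: move it from set (b) to set (a). */
static int redirect_mark_used(uint32_t dst)
{
    for (int i = 0; i < nroutes; i++)
        if (tbl[i].dst == dst) { tbl[i].used = 1; return 1; }
    return 0;
}

/* Constructed flood of n never-used destinations; counts used routes lost. */
static int flood(uint32_t base, int n)
{
    int lost = 0;
    while (n-- > 0)
        lost += (redirect_add(base + (uint32_t)n) == 1);
    return lost;
}
```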