In some email I received from Bill Sommerfeld, sie wrote:
> > 	here are other possible ways to improve the behavior:
> > 	- about (1) and (2), have a lowat/hiwat for # of host route entries
> > 	  created by ICMP redirects/too bigs (no validation, make sure
> > 	  there's no memory overflow).  i'm not sure what is the best
> > 	  value for lowat/hiwat.  
> 
> When in doubt, make them tuneable..  One redirect/pmtu route per
> active socket would be reasonable for a primarily tcp-based workload,
> though not for a udp-based workload...

What's the logic over this being different for TCP vs UDP ?
Last I checked, packets were routed, not circuits.
Or are you saying that in general, a "UDP session" runs longer than
any TCP one ?  e.g. named talking to a forwarder (or . named's) is
likely to persist beyond even most long lived ssh connections.

> >	  also i'm not sure about how to pick a victim, and how it
> >	  will behave under starvation cases.
> 
> Hmm.  Possibly hard to implement but likely well behaved under a DoS
> flood:
> 
> Separarate redirect routes into two categories:
> 	(a) - routes which have been used to send a packet
> 	(b) - routes which have not been used.
> 
> if set (b) is non-empty, pick a member at random and delete it.
> otherwise, pick a member of (a) at random and delete it.

Why would (b) exist except for packets to have been routed with it?
How many pathologic cases are there likely to be where it is packet
out, redirect in and no more packets out ?

Darren