Subject: potential rtalloc memory leak
To: None <tech-net@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-net
Date: 08/14/2006 16:46:42

It has always bugged me that rtalloc() can potentially overwrite ro->ro_rt
when ro_rt != NULL, without first RTFREE()'ing ro_rt.  Will anybody object
if I rewrite rtalloc() in this way, and check it in?  I will take the
printf out just as soon as anyone sees it, but I do want to see if the
memory leak that the old code logically implies does actually happen in
the wild.

I have in mind some other changes to rtalloc().  More on that, later.

/*
 * Packet routing routines.
 */
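void
rtalloc(struct route *ro)
{
        /* No cached route: fall through to the lookup. */
        if (ro->ro_rt == NULL)
                ;
        /* Cached route is unusable: drop our reference before replacing it. */
        else if (ro->ro_rt->rt_ifp == NULL ||
                 (ro->ro_rt->rt_flags & RTF_UP) == 0) {
                printf("%s: freeing ro->ro_rt\n", __func__);
                RTFREE(ro->ro_rt);
        } else
                return;         /* cached route is still usable */
        ro->ro_rt = rtalloc1(&ro->ro_dst, 1);
}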

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933
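
Added example, not part of the original post and not NetBSD code: a userland C model of the leak the message describes, contrasting overwriting a stale ro_rt with releasing it first. The structs are cut down, each cached entry is assumed to hold the only reference, and model_rtalloc1(), model_rtfree(), usable(), rtalloc_overwrite(), rtalloc_release_first() and leaked_after_relookup() are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#define RTF_UP 0x1

/* Simplified userland stand-ins (assumptions), not the kernel structures. */
struct rtentry { int rt_refcnt; int rt_flags; void *rt_ifp; };
struct route { struct rtentry *ro_rt; };
static int live_entries;   /* entries allocated and not yet freed */
static int dummy_ifp;      /* constructed placeholder for an interface */

/* Stand-in for rtalloc1(): a new entry carrying one reference. */
static struct rtentry *model_rtalloc1(void) {
    struct rtentry *rt = calloc(1, sizeof(*rt));
    if (rt == NULL) return NULL;
    rt->rt_refcnt = 1; rt->rt_flags = RTF_UP; rt->rt_ifp = &dummy_ifp;
    live_entries++;
    return rt;
}
/* Stand-in for RTFREE(): drop one reference, free on the last one. */
static void model_rtfree(struct rtentry *rt) {
    if (--rt->rt_refcnt <= 0) { free(rt); live_entries--; }
}
static int usable(const struct rtentry *rt) {
    return rt != NULL && rt->rt_ifp != NULL && (rt->rt_flags & RTF_UP) != 0;
}
/* The behaviour the post worries about: a stale entry is overwritten. */
static void rtalloc_overwrite(struct route *ro) {
    if (usable(ro->ro_rt)) return;
    ro->ro_rt = model_rtalloc1();
}
/* The posted rewrite's behaviour: release the stale entry first. */
static void rtalloc_release_first(struct route *ro) {
    if (usable(ro->ro_rt)) return;
    if (ro->ro_rt != NULL) model_rtfree(ro->ro_rt);
    ro->ro_rt = model_rtalloc1();
}
/* Cache a route, take it down, look up again, release the cache.
 * Returns how many entries are still allocated afterwards (-1 on ENOMEM). */
static int leaked_after_relookup(void (*lookup)(struct route *)) {
    struct route ro = { NULL };
    int before = live_entries;
    lookup(&ro);
    if (ro.ro_rt == NULL) return -1;
    ro.ro_rt->rt_flags &= ~RTF_UP;          /* route goes down while cached */
    lookup(&ro);
    if (ro.ro_rt != NULL) model_rtfree(ro.ro_rt);
    return live_entries - before;
}
int main(void) {
    printf("overwrite: %d leaked\n", leaked_after_relookup(rtalloc_overwrite));
    printf("release first: %d leaked\n", leaked_after_relookup(rtalloc_release_first));
    return 0;
}
```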