In message <23545.939298203@coconut.itojun.org>itojun@iijlab.net writes
>	I have a small question (maybe I'm sutpid) about
>	sys/netinet6/ip_icmp.c:icmp_mtudisc().
>
>	The function makes cloned route for recording PMTU for peer,
>	and assigns timeout function (icmp_mtudisc_timeout) to the route entry.
>	The function calls rtfree() at the end, so it sets reference count
>	on route entry unchanged.

Right, this works out okay, though:  after the host route is allocated,
the tcppcb pointer to the route is cleared, and the new host route is 
picked up the next time tcp_output is called.  That'll increment the
reference count, so everything is cool, IIRC.

>	My question is, who makes sure that the entry is still there on
>	the call to icmp_mtudisc_timeout(), usually happens 10min later?
>	My imagination was that icmp_mtudisc() would increase reference count
>	on the route entry for that (by NOT calling rtfree()), but the
>	implemented behavior does not match my imagination.  Could someone
>	let me know the trick? (or am I lucky?)

The timeout call is associated with the route, so it gets deleted if
the route gets deleted.  That way, everything is fine, no matter what
what the state of the routing table.

Good luck,

Kevin
kml@logictier.com