snmpd route-filter

From: Stuart Henderson
Date: Wednesday, February 3, 2010 - 4:51 am

moment,

This removes the route-table code from snmpd (it's changed a bit
in the donor, ospfd, since it was borrowed; removal done with messy
#if 0 and // as a proof of concept), and filters the route socket.

Result: snmpd no longer needlessly burns CPU cycles when a BGP session
bounces and you reload 300,000 routes; the RDE can make slightly
better use of them at that point in time.

I'm mostly throwing it out for discussion at this point.. I'm not
sure whether we want to remove all of this as we might at some point
want snmpd to have access to routing tables (but in that situation,
it would probably make more sense to only do this on-demand i.e.
if the table is requested, unfilter the socket, ask for a table dump
and filter it again).

Index: kroute.c
===================================================================
RCS file: /cvs/src/usr.sbin/snmpd/kroute.c,v
retrieving revision 1.8
diff -u -p -r1.8 kroute.c
--- kroute.c	25 Jun 2009 17:02:30 -0000	1.8
+++ kroute.c	3 Feb 2010 11:39:23 -0000
@@ -55,11 +55,13 @@ struct {
 	u_long			 ks_iflastchange;
 } kr_state;
 
+#if 0
 struct kroute_node {
 	RB_ENTRY(kroute_node)	 entry;
 	struct kroute		 r;
 	struct kroute_node	*next;
 };
+#endif
 
 struct kif_node {
 	RB_ENTRY(kif_node)	 entry;
@@ -67,6 +69,7 @@ struct kif_node {
 	struct kif		 k;
 };
 
+#if 0
 int			 kroute_compare(struct kroute_node *, struct kroute_node *);
 struct kroute_node	*kroute_find(in_addr_t, u_int8_t);
 struct kroute_node	*kroute_match(in_addr_t);
@@ -74,6 +77,7 @@ struct kroute_node	*kroute_matchgw(struc
 int			 kroute_insert(struct kroute_node *);
 int			 kroute_remove(struct kroute_node *);
 void			 kroute_clear(void);
+#endif
 
 int			 kif_init(void);
 int			 kif_compare(struct kif_node *, struct kif_node *);
@@ -94,7 +98,7 @@ u_int16_t		 rtlabel_name2id(const char *
 const char		*rtlabel_id2name(u_int16_t);
 void			 rtlabel_unref(u_int16_t);
 
-int			 protect_lo(void);
+//int			 protect_lo(void);
 u_int8_t		 prefixlen_classful(in_addr_t);
 u_int8_t		 mask2prefixlen(in_addr_t);
 in_addr_t		 prefixlen2mask(u_int8_t);
@@ -111,9 +115,11 @@ void			 dispatch_rtmsg(int, short, void 
 int			 fetchifs(u_short);
 int			 fetchtable(void);
 
+#if 0
 RB_HEAD(kroute_tree, kroute_node)	krt;
 RB_PROTOTYPE(kroute_tree, kroute_node, entry, kroute_compare)
 RB_GENERATE(kroute_tree, kroute_node, entry, kroute_compare)
+#endif
 
 RB_HEAD(kif_tree, kif_node)		kit;
 RB_PROTOTYPE(kif_tree, kif_node, entry, kif_compare)
@@ -137,7 +143,7 @@ kif_init(void)
 int
 kr_init(void)
 {
-	int		opt = 0, rcvbuf, default_rcvbuf;
+	int		opt = 0, rcvbuf, default_rcvbuf, rtfilter;
 	socklen_t	optlen;
 
 	if (kif_init() == -1)
@@ -158,6 +164,15 @@ kr_init(void)
 	    &opt, sizeof(opt)) == -1)
 		log_warn("kr_init: setsockopt");	/* not fatal */
 
+/***/
+	rtfilter = ROUTE_FILTER(RTM_NEWADDR) | ROUTE_FILTER(RTM_DELADDR) |
+	    ROUTE_FILTER(RTM_IFINFO) | ROUTE_FILTER(RTM_IFANNOUNCE);
+
+	if (setsockopt(kr_state.ks_fd, PF_ROUTE, ROUTE_MSGFILTER,
+	    &rtfilter, sizeof(rtfilter)) == -1)
+		log_warn("setsockopt(ROUTE_MSGFILTER): %m");	/* not fatal */
+/***/
+
 	/* grow receive buffer, don't wanna miss messages */
 	optlen = sizeof(default_rcvbuf);
 	if (getsockopt(kr_state.ks_fd, SOL_SOCKET, SO_RCVBUF,
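Review bot: The new `log_warn("setsockopt(ROUTE_MSGFILTER): %m")` embeds `%m`, while the existing call just above, `log_warn("kr_init: setsockopt")`, passes no errno conversion, which suggests log_warn appends the error string itself. If so, the error text is logged twice under syslog, and `%m` is not a standard printf conversion if the message is formatted for stderr; `log_warn("kr_init: setsockopt(ROUTE_MSGFILTER)");` would match the neighbouring call. Because a failed filter is treated as non-fatal, dispatch_rtmsg still has to ignore RTM_ADD/RTM_CHANGE/RTM_DELETE safely once their cases are compiled out; the switch is only partly visible here, so confirm its default arm covers them. The `/***/` marker lines should be dropped, and `rtfilter` (declared `int` in the previous hunk) reads better as `unsigned int` since it is a bit mask built from `ROUTE_FILTER()` values.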
@@ -174,6 +189,7 @@ kr_init(void)
 	kr_state.ks_pid = getpid();
 	kr_state.ks_rtseq = 1;
 
+#if 0
 	RB_INIT(&krt);
 
 	if (fetchtable() == -1)
@@ -181,6 +197,7 @@ kr_init(void)
 
 	if (protect_lo() == -1)
 		return (-1);
+#endif
 
 	event_set(&kr_state.ks_ev, kr_state.ks_fd, EV_READ | EV_PERSIST,
 	    dispatch_rtmsg, NULL);
@@ -192,7 +209,7 @@ kr_init(void)
 void
 kr_shutdown(void)
 {
-	kroute_clear();
+//	kroute_clear();
 	kif_clear();
 }
 
@@ -220,6 +237,7 @@ kr_updateif(u_int if_index)
 	return (fetchifs(if_index));
 }
 
+#if 0
 /* rb-tree compare */
 int
 kroute_compare(struct kroute_node *a, struct kroute_node *b)
@@ -234,6 +252,7 @@ kroute_compare(struct kroute_node *a, st
 		return (1);
 	return (0);
 }
+#endif
 
 int
 kif_compare(struct kif_node *a, struct kif_node *b)
@@ -247,6 +266,7 @@ ka_compare(struct kif_addr *a, struct ki
 	return (memcmp(&a->addr, &b->addr, sizeof(struct in_addr)));
 }
 
+#if 0
 /* tree management */
 struct kroute_node *
 kroute_find(in_addr_t prefix, u_int8_t prefixlen)
@@ -258,7 +278,9 @@ kroute_find(in_addr_t prefix, u_int8_t p
 
 	return (RB_FIND(kroute_tree, &krt, &s));
 }
+#endif
 
+#if 0
 struct kroute_node *
 kroute_matchgw(struct kroute_node *kr, struct in_addr nh)
 {
@@ -274,7 +296,9 @@ kroute_matchgw(struct kroute_node *kr, s
 
 	return (NULL);
 }
+#endif
 
+#if 0
 int
 kroute_insert(struct kroute_node *kr)
 {
@@ -359,6 +383,7 @@ kroute_clear(void)
 	while ((kr = RB_MIN(kroute_tree, &krt)) != NULL)
 		kroute_remove(kr);
 }
+#endif
 
 struct kif_node *
 kif_find(u_short if_index)
@@ -510,6 +535,7 @@ kif_validate(u_short if_index)
 	return (kif->k.if_nhreachable);
 }
 
+#if 0
 struct kroute_node *
 kroute_match(in_addr_t key)
 {
@@ -527,6 +553,7 @@ kroute_match(in_addr_t key)
 
 	return (NULL);
 }
+#endif
 
 struct kif_addr *
 ka_insert(u_short if_index, struct kif_addr *ka)
@@ -586,6 +613,7 @@ kr_getnextaddr(struct in_addr *in)
 	return (ka);
 }
 
+#if 0
 /* misc */
 int
 protect_lo(void)
@@ -606,6 +634,7 @@ protect_lo(void)
 
 	return (0);
 }
+#endif
 
 u_int8_t
 prefixlen_classful(in_addr_t ina)
@@ -664,7 +693,7 @@ get_rtaddrs(int addrs, struct sockaddr *
 void
 if_change(u_short if_index, int flags, struct if_data *ifd)
 {
-	struct kroute_node	*kr, *tkr;
+//	struct kroute_node	*kr, *tkr;
 	struct kif		*kif;
 	u_int8_t		 reachable;
 
@@ -688,6 +717,7 @@ if_change(u_short if_index, int flags, s
 	main_imsg_compose_ospfe(IMSG_IFINFO, 0, kif, sizeof(struct kif));
 #endif
 
+#if 0
 	/* update redistribute list */
 	RB_FOREACH(kr, kroute_tree, &krt) {
 		for (tkr = kr; tkr != NULL; tkr = tkr->next) {
@@ -699,6 +729,7 @@ if_change(u_short if_index, int flags, s
 			}
 		}
 	}
+#endif
 }
 
 void
@@ -775,6 +806,7 @@ if_announce(void *msg)
 	}
 }
 
+#if 0
 int
 fetchtable(void)
 {
@@ -881,6 +913,7 @@ fetchtable(void)
 	free(buf);
 	return (0);
 }
+#endif
 
 int
 fetchifs(u_short if_index)
@@ -967,13 +1000,13 @@ dispatch_rtmsg(int fd, short event, void
 	struct if_msghdr	 ifm;
 	struct ifa_msghdr	*ifam;
 	struct sockaddr		*sa, *rti_info[RTAX_MAX];
-	struct sockaddr_in	*sa_in;
-	struct sockaddr_rtlabel	*label;
-	struct kroute_node	*kr, *okr;
+//	struct sockaddr_in	*sa_in;
+//	struct sockaddr_rtlabel	*label;
+//	struct kroute_node	*kr, *okr;
 	struct in_addr		 prefix, nexthop;
 	u_int8_t		 prefixlen;
 	int			 flags, mpath;
-	u_short			 if_index = 0;
+//	u_short			 if_index = 0;
 
 	if ((n = read(fd, &buf, sizeof(buf))) == -1) {
 		log_warn("dispatch_rtmsg: read error");
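Review bot: The locals `prefix`, `nexthop`, `prefixlen`, `flags` and `mpath` stay declared here although the code that consumed them appears to be compiled out by the `#if 0` blocks in the later hunks. The assignments `flags = F_KERNEL; nexthop.s_addr = 0; mpath = 0;` visible in the hunk at -996 also stay live, so they become dead stores and will likely trigger unused or set-but-unused warnings. If the route handling is removed for good, delete these declarations and assignments together with the `//`-commented lines instead of leaving them behind. dispatch_rtmsg's body continues outside this hunk, so check whether `sa` and `rti_info` are still needed by the remaining RTM_NEWADDR/RTM_DELADDR handling before removing them as well.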
@@ -996,7 +1029,7 @@ dispatch_rtmsg(int fd, short event, void
 		flags = F_KERNEL;
 		nexthop.s_addr = 0;
 		mpath = 0;
-
+#if 0
 		if (rtm->rtm_type == RTM_ADD || rtm->rtm_type == RTM_CHANGE ||
 		    rtm->rtm_type == RTM_DELETE) {
 			sa = (struct sockaddr *)(next + rtm->rtm_hdrlen);
@@ -1057,8 +1090,9 @@ dispatch_rtmsg(int fd, short event, void
 				}
 			}
 		}
-
+#endif
 		switch (rtm->rtm_type) {
+#if 0
 		case RTM_ADD:
 		case RTM_CHANGE:
 			if (nexthop.s_addr == 0 && !(flags & F_CONNECTED)) {
@@ -1149,6 +1183,7 @@ add:
 			if (kroute_remove(kr) == -1)
 				return;
 			break;
+#endif
 		case RTM_IFINFO:
 			memcpy(&ifm, next, sizeof(ifm));
 			if_change(ifm.ifm_index, ifm.ifm_flags,