> Fix a 16 year old bug in the sorting routine for non-contiguous netmasks.
[...] Does our IPSEC code actually _use_ non-continguous netmasks? While RFC950 technically allows them, they're "recommended against", and most modern network hardware will turn their nose up at them AFAIK. (Note that I'm not saying that there isn't a bug in the way this routine is used - but if non-contiguous netmasks are used elsewhere, I'd be very surprised if other pieces of code also were not similarly 'buggy'.)