>> Fix a 16 year old bug in the sorting routine for non-contiguous netmasks. > Does our IPSEC code actually _use_ non-continguous netmasks?
I haven't looked at the IPsec code, so this is a guess, but the wording makes it sound as though this is an implementation technique used internally by IPsec rather than being the externally-visible use of noncontiguous netmasks everyone seems to be taking it for. That said, > and most modern network hardware will turn their nose up at them > AFAIK. IMO anything that pretends to implement IPv4 but which doesn't do noncontiguous netasks is simply broken, I don't care whether it comes from Cisco or Netgear or NetBSD. Not, I suppose, that anyone necessarily cares what I consider broken. Slow-path them. Require a sysctl switch (the way we do for source routes). Fine. But outright desupport them? I'd call that a bug, even if it is done deliberately. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
