# HG changeset patch
# User Dan McDonald <danmcd@sun.com>
# Date 1254327153 14400
# Node ID ab0b8119c0e1d7e268554e6b5e56b29de65b377e
# Parent  36de6b202f7ea4e9f84c37e138a4c801aed013a0
6886919 Tunnels accept cleartext when they aren't supposed to.

diff -r 36de6b202f7e -r ab0b8119c0e1 usr/src/uts/common/inet/iptun/iptun.c
--- a/usr/src/uts/common/inet/iptun/iptun.c	Wed Sep 30 10:02:47 2009 -0600
+++ b/usr/src/uts/common/inet/iptun/iptun.c	Wed Sep 30 12:12:33 2009 -0400
@@ -2599,7 +2599,6 @@
 	ipha_t	*outer4, *inner4;
 	ip6_t	*outer6, *inner6;
 	mblk_t	*data_mp = mp;
-	boolean_t ipsec = B_FALSE;
 
 	ASSERT(IPCL_IS_IPTUN(connp));
 	ASSERT(DB_TYPE(mp) == M_DATA || DB_TYPE(mp) == M_CTL);
@@ -2616,7 +2615,6 @@
 			iptun_input_icmp(iptun, mp, data_mp);
 			return;
 		}
-		ipsec = B_TRUE;
 	}
 
 	/*
@@ -2649,14 +2647,12 @@
 			goto drop;
 	}
 
-	if (ipsec) {
-		if (!ipsec_tun_inbound(mp, &data_mp, iptun->iptun_itp, inner4,
-		    inner6, outer4, outer6, outer_hlen, iptun->iptun_ns)) {
-			/* Callee did all of the freeing. */
-			return;
-		}
-		mp = data_mp;
+	if (!ipsec_tun_inbound(mp, &data_mp, iptun->iptun_itp, inner4,
+	    inner6, outer4, outer6, outer_hlen, iptun->iptun_ns)) {
+		/* Callee did all of the freeing. */
+		return;
 	}
+	mp = data_mp;
 
 	if (iptun->iptun_typeinfo->iti_type == IPTUN_TYPE_6TO4 &&
 	    !iptun_in_6to4_ok(iptun, outer4, inner6))