3 files changed, 30 insertions, 11 deletions

diff --git a/usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c b/usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c
index d851dce613..b6f8416623 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c
+++ b/usr/src/cmd/cmd-inet/usr.sbin/ping/ping.c
@@ -1298,13 +1298,24 @@ setup_socket(int family, int *send_sockp, int *recv_sockp, int *if_index,
 
 		if (setsockopt(recv_sock, (family == AF_INET) ? IPPROTO_IP :
 		    IPPROTO_IPV6, IP_SEC_OPT, &req, sizeof (req)) < 0) {
-			if (errno == EPERM)
+			switch (errno) {
+			case EPROTONOSUPPORT:
+				/*
+				 * No IPsec subsystem or policy loaded.
+				 * Bypass implicitly allowed.
+				 */
+				break;
+			case EPERM:
 				Fprintf(stderr, "%s: Insufficient privilege "
 				    "to bypass IPsec policy.\n", progname);
-			else
+				exit(EXIT_FAILURE);
+				break;
+			default:
 				Fprintf(stderr, "%s: setsockopt %s\n", progname,
 				    strerror(errno));
-			exit(EXIT_FAILURE);
+				exit(EXIT_FAILURE);
+				break;
+			}
 		}
 	}
 
@@ -1324,14 +1335,25 @@ setup_socket(int family, int *send_sockp, int *recv_sockp, int *if_index,
 			if (setsockopt(send_sock, (family == AF_INET) ?
 			    IPPROTO_IP : IPPROTO_IPV6, IP_SEC_OPT, &req,
 			    sizeof (req)) < 0) {
-				if (errno == EPERM)
+				switch (errno) {
+				case EPROTONOSUPPORT:
+					/*
+					 * No IPsec subsystem or policy loaded.
+					 * Bypass implicitly allowed.
+					 */
+					break;
+				case EPERM:
 					Fprintf(stderr, "%s: Insufficient "
 					    "privilege to bypass IPsec "
 					    "policy.\n", progname);
-				else
+					exit(EXIT_FAILURE);
+					break;
+				default:
 					Fprintf(stderr, "%s: setsockopt %s\n",
 					    progname, strerror(errno));
-				exit(EXIT_FAILURE);
+					exit(EXIT_FAILURE);
+					break;
+				}
 			}
 		}
 
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c
index 816dc7be03..e062411d66 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c
+++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c
@@ -811,7 +811,7 @@ prt_fragment_hdr(int flags, const struct ip6_frag *ipv6ext_frag)
 
 	if (flags & F_SUM) {
 		(void) snprintf(get_sum_line(), MAXLINE,
-		    "IPv6 fragment ID=%d Offset=%-4d MF=%d",
+		    "IPv6 fragment ID=%u Offset=%-4d MF=%d",
 		    fragident,
 		    fragoffset,
 		    morefrag);
@@ -826,7 +826,7 @@ prt_fragment_hdr(int flags, const struct ip6_frag *ipv6ext_frag)
 		(void) snprintf(get_line(0, 0), get_line_remain(),
 		    "More Fragments Flag = %s", morefrag ? "true" : "false");
 		(void) snprintf(get_line(0, 0), get_line_remain(),
-		    "Identification = %d", fragident);
+		    "Identification = %u", fragident);
 
 		show_space();
 	}
diff --git a/usr/src/uts/common/inet/ip/ip6_output.c b/usr/src/uts/common/inet/ip/ip6_output.c
index 31b7a54868..50f9309586 100644
--- a/usr/src/uts/common/inet/ip/ip6_output.c
+++ b/usr/src/uts/common/inet/ip/ip6_output.c
@@ -1086,9 +1086,6 @@ ire_send_wire_v6(ire_t *ire, mblk_t *mp, void *iph_arg,
 			 */
 			ident = atomic_add_32_nv(identp, ixa->ixa_extra_ident +
 			    1);
-#ifndef _BIG_ENDIAN
-			ident = htonl(ident);
-#endif
 			ixa->ixa_ident = ident;	/* In case we do IPsec */
 		}
 		if (ixaflags & IXAF_IPSEC_SECURE) {