--- old/iked/ike_conf.c	Fri Mar 27 12:09:50 2009
+++ new/iked/ike_conf.c	Fri Mar 27 12:09:50 2009
@@ -3266,6 +3266,7 @@
 	};
 	const int BITS = 8;
 
+	(void) memset(&param, 0, sizeof (param));
 	/*
 	 * param fields assigned here:
 	 * seq, samode, (reqid,) ul_proto,
@@ -4282,10 +4283,22 @@
 		memcpy(ss, config_ipaddr->a.ipaddr,
 		       SOCKADDR_LEN(config_ipaddr->a.ipaddr));
 		addr = (struct sockaddr *)ss;
+#ifdef sun
+		/*
+		 * XXX KEBE SAYS we need the port from the "policy".  This, of
+		 * course, goes to hell when we introduce tunnel- mode into
+		 * the mix, and config_ipaddr is != actual_addr.  The IKEv1
+		 * callers of this are restricted to ikev1/pfkey.c, and the
+		 * IKEv2 callers are restricted to ikev2_child.c.  Hopefully
+		 * those callers can account for tunnel-mode or
+		 * transport-mode.  :)
+		 */
+#else
 		if (!set_port(addr, extract_port(actual_addr))) {
 			plog(PLOG_INTERR, PLOGLOC, 0, "set_port failed\n");
 			return NULL;
 		}
+#endif
 		break;
 
 	case RCT_ADDR_MACRO:
@@ -4309,12 +4322,23 @@
 		       SOCKADDR_LEN(addrlist->a.ipaddr));
 		rcs_free_addrlist(addrlist);
 		addr = (struct sockaddr *)ss;
+#ifdef sun
+		/*
+		 * XXX KEBE SAYS we need the port from the "policy".  This, of
+		 * course, goes to hell when we introduce tunnel- mode into
+		 * the mix, and config_ipaddr is != actual_addr.  The IKEv1
+		 * callers of this are restricted to ikev1/pfkey.c, and the
+		 * IKEv2 callers are restricted to ikev2_child.c.  Hopefully
+		 * those callers can account for tunnel-mode or
+		 * transport-mode.  :)
+		 */
+#else
 		if (!set_port(addr, extract_port(actual_addr))) {
 			plog(PLOG_INTERR, PLOGLOC, 0, "set_port failed\n");
 			return NULL;
 		}
+#endif
 		break;
-
 	default:
 		plog(PLOG_INTERR, PLOGLOC, 0,
 		     "my_sa_ipaddr or peers_sa_ipaddr is "