MFC r275710:

Remove flag/flags argument from the following functions:
 ipsec_getpolicybyaddr()
 ipsec4_checkpolicy()
 ip_ipsec_output()
 ip6_ipsec_output()

The only flag used here was IP_FORWARDING.

Obtained from:  Yandex LLC
Sponsored by:   Yandex LLC

TAG:	IPSEC-HEAD
Issue:	#4841

2 files changed, 12 insertions, 23 deletions

diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index f27019d..ecf80a8 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -416,7 +416,7 @@ ipsec_getpolicybysock(struct mbuf *m, u_int dir, struct inpcb *inp, int *error)
  *		others	: error occured.
  */
 struct secpolicy *
-ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error)
+ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int *error)
 {
 	struct secpolicyindex spidx;
 	struct secpolicy *sp;
@@ -429,15 +429,13 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error)
 	sp = NULL;
 	if (key_havesp(dir)) {
 		/* Make an index to look for a policy. */
-		*error = ipsec_setspidx(m, &spidx,
-					(flag & IP_FORWARDING) ? 0 : 1);
+		*error = ipsec_setspidx(m, &spidx, 0);
 		if (*error != 0) {
-			DPRINTF(("%s: setpidx failed, dir %u flag %u\n",
-				__func__, dir, flag));
+			DPRINTF(("%s: setpidx failed, dir %u\n",
+				__func__, dir));
 			return (NULL);
 		}
 		spidx.dir = dir;
-
 		sp = KEY_ALLOCSP(&spidx, dir);
 	}
 	if (sp == NULL)			/* No SP found, use system default. */
@@ -447,14 +445,13 @@ ipsec_getpolicybyaddr(struct mbuf *m, u_int dir, int flag, int *error)
 }
 
 struct secpolicy *
-ipsec4_checkpolicy(struct mbuf *m, u_int dir, u_int flag, int *error,
-    struct inpcb *inp)
+ipsec4_checkpolicy(struct mbuf *m, u_int dir, int *error, struct inpcb *inp)
 {
 	struct secpolicy *sp;
 
 	*error = 0;
 	if (inp == NULL)
-		sp = ipsec_getpolicybyaddr(m, dir, flag, error);
+		sp = ipsec_getpolicybyaddr(m, dir, error);
 	else
 		sp = ipsec_getpolicybysock(m, dir, inp, error);
 	if (sp == NULL) {
@@ -1275,13 +1272,9 @@ ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
 
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
 
-	/*
-	 * Get SP for this packet.
-	 * When we are called from ip_forward(), we call
-	 * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
-	 */
+	/* Get SP for this packet. */
 	if (inp == NULL)
-		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 	else
 		sp = ipsec_getpolicybysock(m, IPSEC_DIR_INBOUND, inp, &error);
 
@@ -1407,12 +1400,9 @@ ipsec_hdrsiz(struct mbuf *m, u_int dir, struct inpcb *inp)
 
 	IPSEC_ASSERT(m != NULL, ("null mbuf"));
 
-	/* Get SP for this packet.
-	 * When we are called from ip_forward(), we call
-	 * ipsec_getpolicybyaddr() with IP_FORWARDING flag.
-	 */
+	/* Get SP for this packet. */
 	if (inp == NULL)
-		sp = ipsec_getpolicybyaddr(m, dir, IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, dir, &error);
 	else
 		sp = ipsec_getpolicybysock(m, dir, inp, &error);
 
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 285860c..436fcf6 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -317,10 +317,9 @@ extern	void ipsec_delisr(struct ipsecrequest *);
 struct tdb_ident;
 extern struct secpolicy *ipsec_getpolicy(struct tdb_ident*, u_int);
 struct inpcb;
-extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int, u_int,
+extern struct secpolicy *ipsec4_checkpolicy(struct mbuf *, u_int,
 	int *, struct inpcb *);
-extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int,
-	int, int *);
+extern struct secpolicy * ipsec_getpolicybyaddr(struct mbuf *, u_int, int *);
 
 struct inpcb;
 extern int ipsec_init_policy(struct socket *so, struct inpcbpolicy **);