From 695f7c561490cfa30431266c02d4194ea59ef443 Mon Sep 17 00:00:00 2001
From: Luiz Otavio O Souza <luiz@netgate.com>
Date: Tue, 15 Sep 2015 13:37:48 -0500
Subject: MFC r272299:

Remove redundant call to ipsec_getpolicybyaddr().
ipsec_hdrsiz() will call it internally.

Sponsored by:   Yandex LLC

TAG:	IPSEC-HEAD
Issue:	#4841
---
 sys/netinet6/ip6_forward.c | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index caa58e6..7325868 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -557,8 +557,6 @@ pass:
 		if (mcopy) {
 			u_long mtu;
 #ifdef IPSEC
-			struct secpolicy *sp;
-			int ipsecerror;
 			size_t ipsechdrsiz;
 #endif /* IPSEC */
 
@@ -571,15 +569,10 @@ pass:
 			 * case, as we have the outgoing interface for
 			 * encapsulated packet as "rt->rt_ifp".
 			 */
-			sp = ipsec_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
-				IP_FORWARDING, &ipsecerror);
-			if (sp) {
-				ipsechdrsiz = ipsec_hdrsiz(mcopy,
-					IPSEC_DIR_OUTBOUND, NULL);
-				if (ipsechdrsiz < mtu)
-					mtu -= ipsechdrsiz;
-			}
-
+			ipsechdrsiz = ipsec_hdrsiz(mcopy, IPSEC_DIR_OUTBOUND,
+			    NULL);
+			if (ipsechdrsiz < mtu)
+				mtu -= ipsechdrsiz;
 			/*
 			 * if mtu becomes less than minimum MTU,
 			 * tell minimum MTU (and I'll need to fragment it).
-- 
cgit v1.1