3 files changed, 6 insertions, 8 deletions

diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c
index 2452ec3abac6f..f086f3486ef78 100644
--- a/sys/netinet/ip_ipsec.c
+++ b/sys/netinet/ip_ipsec.c
@@ -110,8 +110,7 @@ ip_ipsec_fwd(struct mbuf *m)
 	struct secpolicy *sp;
 	int error;
 
-	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
-	    IP_FORWARDING, &error);
+	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 	if (sp != NULL) {
 		/*
 		 * Check security policy against packet attributes.
@@ -142,8 +141,7 @@ ip_ipsec_input(struct mbuf *m, int nxt)
 	 * code - like udp/tcp/raw ip.
 	 */
 	if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) {
-		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
-		    IP_FORWARDING, &error);
+		sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, &error);
 		if (sp != NULL) {
 			/*
 			 * Check security policy against packet attributes.
@@ -185,7 +183,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
  * -1 = packet was reinjected and stop processing packet
  */
 int
-ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error)
+ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *error)
 {
 	struct secpolicy *sp;
 	/*
@@ -201,7 +199,7 @@ ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error)
 		*error = 0;
 		return (0);
 	}
-	sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, *flags, error, inp);
+	sp = ipsec4_checkpolicy(*m, IPSEC_DIR_OUTBOUND, error, inp);
 	/*
 	 * There are four return cases:
 	 *    sp != NULL	 	    apply IPsec policy
diff --git a/sys/netinet/ip_ipsec.h b/sys/netinet/ip_ipsec.h
index 412b16570ccfd..f499b74000bac 100644
--- a/sys/netinet/ip_ipsec.h
+++ b/sys/netinet/ip_ipsec.h
@@ -36,5 +36,5 @@ int	ip_ipsec_filtertunnel(struct mbuf *);
 int	ip_ipsec_fwd(struct mbuf *);
 int	ip_ipsec_input(struct mbuf *, int);
 int	ip_ipsec_mtu(struct mbuf *, int);
-int	ip_ipsec_output(struct mbuf **, struct inpcb *, int *, int *);
+int	ip_ipsec_output(struct mbuf **, struct inpcb *, int *);
 #endif
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 611c53c7e9418..275c29d1ea499 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -461,7 +461,7 @@ again:
 
 sendit:
 #ifdef IPSEC
-	switch(ip_ipsec_output(&m, inp, &flags, &error)) {
+	switch(ip_ipsec_output(&m, inp, &error)) {
 	case 1:
 		goto bad;
 	case -1: