Reduce the diff between ipsec6_input and ipsec4_input.

sys/netipsec/ipsec.c

@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.139 2018/02/26 09:04:29 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.140 2018/02/26 10:19:13 maxv Exp $ */
 /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.139 2018/02/26 09:04:29 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.140 2018/02/26 10:19:13 maxv Exp $");
 
 /*
  * IPsec controller part.
@@ -2140,18 +2140,16 @@ ipsec6_input(struct mbuf *m)
 
 	s = splsoftnet();
 	sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, IP_FORWARDING, &error);
-	if (sp != NULL) {
-		/*
-		 * Check security policy against packet
-		 * attributes.
-		 */
-		error = ipsec_sp_reject(sp, m);
-		KEY_SP_UNREF(&sp);
-	} else {
-		/* XXX error stat??? */
-		error = EINVAL;
-		IPSECLOG(LOG_DEBUG, "no SP, packet discarded\n");/*XXX*/
+	if (sp == NULL) {
+		splx(s);
+		return EINVAL;
 	}
+
+	/*
+	 * Check security policy against packet attributes.
+	 */
+	error = ipsec_sp_reject(sp, m);
+	KEY_SP_UNREF(&sp);
 	splx(s);
 
 	return error;