spdsock_flush_one
static void spdsock_flush_one(ipsec_policy_head_t *, netstack_t *);
spdsock_flush_one(iph, ns); /* Releases iph refhold. */
spdsock_flush_one(iph, ns);
spdsock_flush_one(active ? ipsec_system_policy(ns) :