diff --git a/sys/netipsec/keysock.c b/sys/netipsec/keysock.c
index 1d2f52ef6ef9..a0353d3ddbec 100644
--- a/sys/netipsec/keysock.c
+++ b/sys/netipsec/keysock.c
@@ -172,90 +172,6 @@ key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
 	return error;
 }
 
-/* XXX this interface should be obsoleted. */
-int
-key_sendup(struct socket *so, struct sadb_msg *msg, u_int len, int target)
-{
-	struct mbuf *m, *n, *mprev;
-	int tlen;
-
-	/* sanity check */
-	if (so == NULL || msg == NULL)
-		panic("%s: NULL pointer was passed.\n", __func__);
-
-	KEYDBG(KEY_DUMP,
-	    printf("%s: \n", __func__);
-	    kdebug_sadb(msg));
-
-	/*
-	 * we increment statistics here, just in case we have ENOBUFS
-	 * in this function.
-	 */
-	PFKEYSTAT_INC(in_total);
-	PFKEYSTAT_ADD(in_bytes, len);
-	PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);
-
-	/*
-	 * Get mbuf chain whenever possible (not clusters),
-	 * to save socket buffer.  We'll be generating many SADB_ACQUIRE
-	 * messages to listening key sockets.  If we simply allocate clusters,
-	 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
-	 * sbspace() computes # of actual data bytes AND mbuf region.
-	 *
-	 * TODO: SADB_ACQUIRE filters should be implemented.
-	 */
-	tlen = len;
-	m = mprev = NULL;
-	while (tlen > 0) {
-		if (tlen == len) {
-			MGETHDR(n, M_NOWAIT, MT_DATA);
-			if (n == NULL) {
-				PFKEYSTAT_INC(in_nomem);
-				return ENOBUFS;
-			}
-			n->m_len = MHLEN;
-		} else {
-			MGET(n, M_NOWAIT, MT_DATA);
-			if (n == NULL) {
-				PFKEYSTAT_INC(in_nomem);
-				return ENOBUFS;
-			}
-			n->m_len = MLEN;
-		}
-		if (tlen >= MCLBYTES) {	/*XXX better threshold? */
-			if (!(MCLGET(n, M_NOWAIT))) {
-				m_free(n);
-				m_freem(m);
-				PFKEYSTAT_INC(in_nomem);
-				return ENOBUFS;
-			}
-			n->m_len = MCLBYTES;
-		}
-
-		if (tlen < n->m_len)
-			n->m_len = tlen;
-		n->m_next = NULL;
-		if (m == NULL)
-			m = mprev = n;
-		else {
-			mprev->m_next = n;
-			mprev = n;
-		}
-		tlen -= n->m_len;
-		n = NULL;
-	}
-	m->m_pkthdr.len = len;
-	m->m_pkthdr.rcvif = NULL;
-	m_copyback(m, 0, len, (caddr_t)msg);
-
-	/* avoid duplicated statistics */
-	PFKEYSTAT_ADD(in_total, -1);
-	PFKEYSTAT_ADD(in_bytes, -len);
-	PFKEYSTAT_ADD(in_msgtype[msg->sadb_msg_type], -1);
-
-	return key_sendup_mbuf(so, m, target);
-}
-
 /* so can be NULL if target != KEY_SENDUP_ONE */
 int
 key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
diff --git a/sys/netipsec/keysock.h b/sys/netipsec/keysock.h
index 30b68da66b78..484c65361e5e 100644
--- a/sys/netipsec/keysock.h
+++ b/sys/netipsec/keysock.h
@@ -78,12 +78,8 @@ VNET_PCPUSTAT_DECLARE(struct pfkeystat, pfkeystat);
     VNET_PCPUSTAT_ADD(struct pfkeystat, pfkeystat, name, (val))
 #define	PFKEYSTAT_INC(name)		PFKEYSTAT_ADD(name, 1)
 
-extern int key_output(struct mbuf *m, struct socket *so, ...);
-extern int key_usrreq(struct socket *, int, struct mbuf *,
-    struct mbuf *, struct mbuf *);
-
-extern int key_sendup(struct socket *, struct sadb_msg *, u_int, int);
-extern int key_sendup_mbuf(struct socket *, struct mbuf *, int);
+int key_output(struct mbuf *m, struct socket *so, ...);
+int key_sendup_mbuf(struct socket *, struct mbuf *, int);
 #endif /* _KERNEL */
 
 #endif /*_NETIPSEC_KEYSOCK_H_*/