From e90c512e637ba589ed6e2bb2c81bfefc0f5e890e Mon Sep 17 00:00:00 2001 From: Felix Fietkau <nbd@nbd.name> Date: Mon, 30 Oct 2017 16:17:59 +0530 Subject: [PATCH] kernel: add a small xfrm related performance optimization Signed-off-by: Felix Fietkau <nbd@nbd.name> --- net/netfilter/nf_nat_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 624d6e4dc..bb69fa713 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c @@ -93,6 +93,9 @@ int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family) struct dst_entry *dst; int err; + if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) + return 0; + err = xfrm_decode_session(skb, &fl, family); if (err < 0) return err; -- GitLab