From: Felix Fietkau <nbd@nbd.name>
Subject: kernel: add a small xfrm related performance optimization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 net/netfilter/nf_nat_core.c | 3 +++
 1 file changed, 3 insertions(+)

--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -93,6 +93,9 @@ int nf_xfrm_me_harder(struct net *net, s
 	struct dst_entry *dst;
 	int err;
 
+	if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT])
+		return 0;
+
 	err = xfrm_decode_session(skb, &fl, family);
 	if (err < 0)
 		return err;