blob: d39b531f8c044285d64948062f4a168603fe911e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
From: Felix Fietkau <nbd@nbd.name>
Subject: kernel: add a small xfrm related performance optimization
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
net/netfilter/nf_nat_core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 5b9c884a452e..4ea363755085 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -95,6 +95,9 @@ int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)
struct dst_entry *dst;
int err;
+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT])
+ return 0;
+
err = xfrm_decode_session(skb, &fl, family);
if (err < 0)
return err;
--
2.11.0
|