diff --git a/target/linux/generic/patches-3.10/616-net_optimize_xfrm_calls.patch b/target/linux/generic/patches-3.10/616-net_optimize_xfrm_calls.patch
new file mode 100644
index 0000000000..a21fec70c6
--- /dev/null
+++ b/target/linux/generic/patches-3.10/616-net_optimize_xfrm_calls.patch
@@ -0,0 +1,13 @@
+--- a/net/netfilter/nf_nat_core.c
++++ b/net/netfilter/nf_nat_core.c
+@@ -89,6 +89,9 @@ int nf_xfrm_me_harder(struct sk_buff *sk
+ 	struct dst_entry *dst;
+ 	int err;
+ 
++	if (!dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT])
++		return 0;
++
+ 	err = xfrm_decode_session(skb, &fl, family);
+ 	if (err < 0)
+ 		return err;
+
diff --git a/target/linux/generic/patches-3.14/616-net_optimize_xfrm_calls.patch b/target/linux/generic/patches-3.14/616-net_optimize_xfrm_calls.patch
new file mode 100644
index 0000000000..088d32d407
--- /dev/null
+++ b/target/linux/generic/patches-3.14/616-net_optimize_xfrm_calls.patch
@@ -0,0 +1,13 @@
+--- a/net/netfilter/nf_nat_core.c
++++ b/net/netfilter/nf_nat_core.c
+@@ -90,6 +90,9 @@ int nf_xfrm_me_harder(struct sk_buff *sk
+ 	struct dst_entry *dst;
+ 	int err;
+ 
++	if (!dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT])
++		return 0;
++
+ 	err = xfrm_decode_session(skb, &fl, family);
+ 	if (err < 0)
+ 		return err;
+