2 files changed, 11 insertions, 9 deletions
diff --git a/net/openvswitch/Kconfig b/net/openvswitch/Kconfig
index 234a73344c6e..ce947292ae77 100644
--- a/net/openvswitch/Kconfig
+++ b/net/openvswitch/Kconfig
@@ -7,7 +7,9 @@ config OPENVSWITCH
        depends on INET
        depends on !NF_CONNTRACK || \
                   (NF_CONNTRACK && ((!NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6) && \
-                                     (!NF_NAT || NF_NAT)))
+                                     (!NF_NAT || NF_NAT) && \
+                                     (!NF_NAT_IPV4 || NF_NAT_IPV4) && \
+                                     (!NF_NAT_IPV6 || NF_NAT_IPV6)))
        select LIBCRC32C
        select MPLS
        select NET_MPLS_GSO
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 47f7c62761d2..3797879b0bf8 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -535,14 +535,15 @@ static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
        switch (ctinfo) {
        case IP_CT_RELATED:
        case IP_CT_RELATED_REPLY:
-                if (skb->protocol == htons(ETH_P_IP) &&
+                if (IS_ENABLED(CONFIG_NF_NAT_IPV4) &&
+                    skb->protocol == htons(ETH_P_IP) &&
                    ip_hdr(skb)->protocol == IPPROTO_ICMP) {
                        if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
                                                           hooknum))
                                err = NF_DROP;
                        goto push;
-#if IS_ENABLED(CONFIG_NF_NAT_IPV6)
+                } else if (IS_ENABLED(CONFIG_NF_NAT_IPV6) &&
-                } else if (skb->protocol == htons(ETH_P_IPV6)) {
+                           skb->protocol == htons(ETH_P_IPV6)) {
                        __be16 frag_off;
                        u8 nexthdr = ipv6_hdr(skb)->nexthdr;
                        int hdrlen = ipv6_skip_exthdr(skb,
@@ -557,7 +558,6 @@ static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
                                        err = NF_DROP;
                                goto push;
                        }
-#endif
                }
                /* Non-ICMP, fall thru to initialize if needed. */
        case IP_CT_NEW:
@@ -1239,7 +1239,8 @@ static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info,
        }
        if (info->range.flags & NF_NAT_RANGE_MAP_IPS) {
-                if (info->family == NFPROTO_IPV4) {
+                if (IS_ENABLED(CONFIG_NF_NAT_IPV4) &&
+                    info->family == NFPROTO_IPV4) {
                        if (nla_put_in_addr(skb, OVS_NAT_ATTR_IP_MIN,
                                            info->range.min_addr.ip) ||
                            (info->range.max_addr.ip
@@ -1247,8 +1248,8 @@ static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info,
                             (nla_put_in_addr(skb, OVS_NAT_ATTR_IP_MAX,
                                              info->range.max_addr.ip))))
                                return false;
-#if IS_ENABLED(CONFIG_NF_NAT_IPV6)
+                } else if (IS_ENABLED(CONFIG_NF_NAT_IPV6) &&
-                } else if (info->family == NFPROTO_IPV6) {
+                           info->family == NFPROTO_IPV6) {
                        if (nla_put_in6_addr(skb, OVS_NAT_ATTR_IP_MIN,
                                             &info->range.min_addr.in6) ||
                            (memcmp(&info->range.max_addr.in6,
@@ -1257,7 +1258,6 @@ static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info,
                             (nla_put_in6_addr(skb, OVS_NAT_ATTR_IP_MAX,
                                               &info->range.max_addr.in6))))
                                return false;
-#endif
                } else {
                        return false;
                }