--- /dev/null
+From 47e640af2e492cc28778dd6f894d50313f7fba75 Mon Sep 17 00:00:00 2001
+From: Jeremy Sowden <jeremy@azazel.net>
+Date: Wed, 7 Aug 2019 15:17:01 +0100
+Subject: netfilter: add missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file.
+
+From: Jeremy Sowden <jeremy@azazel.net>
+
+commit 47e640af2e492cc28778dd6f894d50313f7fba75 upstream.
+
+nf_tables.h defines an API comprising several inline functions and
+macros that depend on the nft member of struct net. However, this is
+only defined is CONFIG_NF_TABLES is enabled. Added preprocessor checks
+to ensure that nf_tables.h will compile if CONFIG_NF_TABLES is disabled.
+
+Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Link: https://lore.kernel.org/netfilter-devel/20190920094925.aw7actk4tdnk3rke@salvia/T/
+Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
+Reported-by: Adam Borowski <kilobyte@angband.pl>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/net/netfilter/nf_tables.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/include/net/netfilter/nf_tables.h
++++ b/include/net/netfilter/nf_tables.h
+@@ -1206,6 +1206,8 @@ void nft_trace_notify(struct nft_tracein
+ #define MODULE_ALIAS_NFT_OBJ(type) \
+ MODULE_ALIAS("nft-obj-" __stringify(type))
+
++#if IS_ENABLED(CONFIG_NF_TABLES)
++
+ /*
+ * The gencursor defines two generations, the currently active and the
+ * next one. Objects contain a bitmask of 2 bits specifying the generations
+@@ -1279,6 +1281,8 @@ static inline void nft_set_elem_change_a
+ ext->genmask ^= nft_genmask_next(net);
+ }
+
++#endif /* IS_ENABLED(CONFIG_NF_TABLES) */
++
+ /*
+ * We use a free bit in the genmask field to indicate the element
+ * is busy, meaning it is currently being processed either by
projects / thirdparty / kernel / stable-queue.git / commitdiff
