
target/linux/config: fixup (IPv4) NAT support

- add missing xt_conntrack.ko
- conntrack needs to be loaded before NAT
- add generic nf_nat.ko and xt_nat.ko
- drop linux-3.4 compat case
- fix symbol names for conntrack and connmark matches
- fix for non-existing FULL_NAT symbol

Signed-off-by: Phil Sutter <phil@nwl.cc>
Phil Sutter 10 years ago
commit
10af76efc1

+ 7 - 11
mk/modules.mk

@@ -470,6 +470,12 @@ $(eval $(call KMOD_template,NETFILTER_XT_TARGET_LOG,netfilter-xt-target-log,\
 
 $(eval $(call KMOD_template,NF_CONNTRACK,nf-conntrack,\
 	$(MODULES_DIR)/kernel/net/netfilter/nf_conntrack \
+	$(MODULES_DIR)/kernel/net/netfilter/xt_conntrack \
+,41))
+
+$(eval $(call KMOD_template,NF_NAT,nf-nat,\
+	$(MODULES_DIR)/kernel/net/netfilter/nf_nat \
+	$(MODULES_DIR)/kernel/net/netfilter/xt_nat \
 ,45))
 
 $(eval $(call KMOD_template,NF_CONNTRACK_IPV4,nf-conntrack-ipv4,\
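Review bot: The module lists added here are not matched by the Kconfig changes on this page. xt_conntrack is now packaged under the NF_CONNTRACK entry, but the only `select ADK_KERNEL_NETFILTER_XT_MATCH_CONNTRACK` added is on ADK_KERNEL_NF_CONNTRACK_IPV4 in Config.in.netfilter.ip4, and no hunk selects whatever builds xt_nat for the new NF_NAT entry (NETFILTER_XT_NAT in the kernel's own Kconfig). If NF_CONNTRACK or NF_NAT can be enabled by another path, the package would list a .ko that was never built. How KMOD_template handles a missing file is not visible here, but a firewall ruleset using `-m conntrack` would then fail to load on the target. Consider putting the select on ADK_KERNEL_NF_CONNTRACK itself and adding the equivalent select for xt_nat on ADK_KERNEL_NF_NAT.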
@@ -477,20 +483,10 @@ $(eval $(call KMOD_template,NF_CONNTRACK_IPV4,nf-conntrack-ipv4,\
 	$(MODULES_DIR)/kernel/net/ipv4/netfilter/nf_conntrack_ipv4 \
 ,46))
 
-ifeq ($(KERNEL_BASE),3)
-ifeq ($(KERNEL_MAJ),4)
-$(eval $(call KMOD_template,FULL_NAT,full-nat,\
-	$(MODULES_DIR)/kernel/net/ipv4/netfilter/nf_nat \
-	$(MODULES_DIR)/kernel/net/ipv4/netfilter/iptable_nat \
-,50))
-else
-$(eval $(call KMOD_template,FULL_NAT,full-nat,\
-	$(MODULES_DIR)/kernel/net/netfilter/nf_nat \
+$(eval $(call KMOD_template,NF_NAT_IPV4,nf-nat-ipv4,\
 	$(MODULES_DIR)/kernel/net/ipv4/netfilter/nf_nat_ipv4 \
 	$(MODULES_DIR)/kernel/net/ipv4/netfilter/iptable_nat \
 ,50))
-endif
-endif
 
 $(eval $(call KMOD_template,NF_CONNTRACK_FTP,nf-conntrack-ftp,\
 	$(MODULES_DIR)/kernel/net/netfilter/nf_conntrack_ftp \
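Review bot: The ordering requirement from the commit message (conntrack before NAT) is recorded only in the bare trailing numbers 41, 45, 46 and 50 across this hunk and the previous one. A one-line comment above the NF_NAT_IPV4 entry would keep a later edit from reordering them by accident, for example `# load order: nf_conntrack (41) -> nf_nat (45) -> nf_conntrack_ipv4 (46) -> nf_nat_ipv4 (50)`. This assumes the last KMOD_template argument is the load priority; the template definition is outside the hunk and should confirm that.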

+ 2 - 2
target/linux/config/Config.in.netfilter

@@ -125,11 +125,11 @@ config ADK_KERNEL_NETFILTER_XT_MATCH_STATE
 # cannot be ADK_KERNEL_IP_NF_MATCH_CONNTRACK because
 # netfilter is built as a module -> this'll always be
 # a module, too
-config ADK_KERNEL_IP_NF_MATCH_CONNTRACK
+config ADK_KERNEL_NETFILTER_XT_MATCH_CONNTRACK
 	tristate
 	default n
 
-config ADK_KERNEL_IP_NF_MATCH_CONNMARK
+config ADK_KERNEL_NETFILTER_XT_MATCH_CONNMARK
 	tristate
 	default n
 
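Review bot: The comment directly above the renamed entry still says `cannot be ADK_KERNEL_IP_NF_MATCH_CONNTRACK`, a name this hunk removes, so it now refers to a symbol that no longer exists in the file. It should be reworded for the NETFILTER_XT_MATCH_* names or dropped if its reasoning no longer applies. Separately, any `select` or `depends on` elsewhere in the tree that still uses the old IP_NF_MATCH_CONNTRACK or IP_NF_MATCH_CONNMARK names would now point at undefined symbols. None is visible on this page, so a tree-wide grep for both old names is worth doing before merging.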

+ 4 - 4
target/linux/config/Config.in.netfilter.ip4

@@ -2,6 +2,7 @@ config ADK_KERNEL_NF_CONNTRACK_IPV4
 	prompt 'IPv4 connection tracking support (required for NAT)'
 	tristate
 	select ADK_KERNEL_NF_CONNTRACK
+	select ADK_KERNEL_NETFILTER_XT_MATCH_CONNTRACK
 	default m if ADK_PACKAGE_IPTABLES
 	default n
 	help
@@ -61,7 +62,7 @@ config ADK_KERNEL_NF_NAT_IPV4
 
 config ADK_KERNEL_IP_NF_TARGET_MASQUERADE
 	tristate 'MASQUERADE target support'
-	depends on ADK_KERNEL_FULL_NAT
+	depends on ADK_KERNEL_NF_NAT
 	default m if ADK_PACKAGE_IPTABLES
 	default n
 	help
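Review bot: The new `depends on ADK_KERNEL_NF_NAT` on MASQUERADE names the generic NAT symbol, but mk/modules.mk in this same commit packages iptable_nat under NF_NAT_IPV4. A configuration with NF_NAT enabled and NF_NAT_IPV4 disabled could therefore offer this target without the IPv4 nat table it attaches to. The same applies to the REDIRECT and NETMAP hunks below. `depends on ADK_KERNEL_NF_NAT_IPV4` looks like the closer dependency, since the hunk header shows that symbol is defined in this file. No hunk on this page defines ADK_KERNEL_NF_NAT, so it is also worth confirming that symbol exists, otherwise this repeats the FULL_NAT problem the commit sets out to fix. Each config entry's help text continues outside its hunk.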
@@ -99,7 +100,7 @@ config ADK_KERNEL_IP_NF_TARGET_ULOG
 
 config ADK_KERNEL_IP_NF_TARGET_REDIRECT
 	tristate 'REDIRECT target support'
-	depends on ADK_KERNEL_FULL_NAT
+	depends on ADK_KERNEL_NF_NAT
 	help
 	  REDIRECT is a special case of NAT: all incoming connections are
 	  mapped onto the incoming interface's address, causing the packets to
@@ -108,7 +109,7 @@ config ADK_KERNEL_IP_NF_TARGET_REDIRECT
 
 config ADK_KERNEL_IP_NF_TARGET_NETMAP
 	tristate 'NETMAP target support'
-	depends on ADK_KERNEL_FULL_NAT
+	depends on ADK_KERNEL_NF_NAT
 	help
 	  NETMAP is an implementation of static 1:1 NAT mapping of network
 	  addresses. It maps the network address part, while keeping the host
@@ -117,7 +118,6 @@ config ADK_KERNEL_IP_NF_TARGET_NETMAP
 
 config ADK_KERNEL_IP_NF_MANGLE
 	tristate 'Packet mangling'
-	depends on ADK_KERNEL_FULL_NAT
 	help
 	  This option adds a `mangle' table to iptables: see the man page for
 	  iptables(8).  This table is used for various packet alterations