[CRIU] [PATCH] [vzt] ./test/zdtm/static:conntracks: Support nftables
Vitaly Ostrosablin
vostrosablin at virtuozzo.com
Fri Nov 1 12:00:23 MSK 2019
Update test to support both iptables and nft to create conntrack rules.
PSBM-99101
Signed-off-by: Vitaly Ostrosablin <vostrosablin at virtuozzo.com>
---
test/zdtm/static/conntracks | 36 ++++++++++++++++++++++++++++++++++--
1 file changed, 34 insertions(+), 2 deletions(-)
diff --git a/test/zdtm/static/conntracks b/test/zdtm/static/conntracks
index a30e0e268..26220f97c 100755
--- a/test/zdtm/static/conntracks
+++ b/test/zdtm/static/conntracks
@@ -23,7 +23,7 @@ do_or_fail()
fail "$failmsg: $output"
}
-do_start()
+do_start_ipt()
{
[ -f "$statefile" ] && die "state file $statefile aleady exists"
@@ -35,7 +35,7 @@ do_start()
iptables -L \> "$statefile"
}
-do_stop()
+do_stop_ipt()
{
do_or_fail "can't compare the iptables" \
iptables -L \| diff -u "$statefile" -
@@ -45,6 +45,38 @@ do_stop()
echo "PASS" > $outfile
}
+do_start_nft()
+{
+ [ -f "$statefile" ] && die "state file $statefile aleady exists"
+
+ do_or_fail "can't install a state match" \
+ nft add rule filter INPUT \
+ ct state related,established accept
+
+ do_or_fail "can't list the loaded nftables" \
+ nft list ruleset \> "$statefile"
+}
+
+do_stop_nft()
+{
+ do_or_fail "can't compare the nftables" \
+ nft list ruleset \| diff -u "$statefile" -
+
+ rm -f "$statefile"
+
+ echo "PASS" > $outfile
+}
+
+do_start()
+{
+ [ -x "$(command -v nft)" ] && do_start_nft || do_start_ipt
+}
+
+do_stop()
+{
+ [ -x "$(command -v nft)" ] && do_stop_nft || do_stop_ipt
+}
+
tmpargs="$(../lib/parseargs.sh --name=$0 \
--flags-req=statefile,outfile \
--flags-opt="start,stop" -- "$@")" ||
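Review bot: The backend dispatch in do_start and do_stop, `[ -x "$(command -v nft)" ] && do_start_nft || do_start_ipt`, is not an if/else: if the nft function returns non-zero, the iptables function runs as well. Whether that can happen depends on `fail` and `die` exiting the script, and their definitions are outside this hunk. An explicit `if command -v nft >/dev/null 2>&1; then do_start_nft; else do_start_ipt; fi` (and the same for do_stop) keeps the two backends mutually exclusive. Also, finding the nft binary does not show that a `filter` table with an `INPUT` chain exists, which `nft add rule filter INPUT` requires; a host with nft installed but only iptables rules loaded would presumably fail here instead of using the iptables path. Finally, `$outfile` in do_stop_nft should be quoted: `echo "PASS" > "$outfile"`.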
--
2.23.0