test/nfconntrack: use iptables-legacy

Signed-off-by: Radostin Stoyanov <[email protected]>

.cirrus.yml

@@ -36,7 +36,7 @@ task:
     ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
     dnf config-manager --set-enabled crb # Same as CentOS 8 powertools
     dnf -y install epel-release epel-next-release
-    dnf -y install --allowerasing asciidoc gcc git gnutls-devel libaio-devel libasan libcap-devel libnet-devel libnl3-devel libbsd-devel libselinux-devel make protobuf-c-devel protobuf-devel python-devel python-PyYAML python-protobuf python-junit_xml python3-importlib-metadata python-flake8 xmlto libdrm-devel
+    dnf -y install --allowerasing asciidoc gcc git gnutls-devel libaio-devel libasan libcap-devel libnet-devel libnl3-devel libbsd-devel libselinux-devel make protobuf-c-devel protobuf-devel python-devel python-PyYAML python-protobuf python-junit_xml python3-importlib-metadata python-flake8 xmlto libdrm-devel iptables-legacy
     # The image has a too old version of nettle which does not work with gnutls.
     # Just upgrade to the latest to make the error go away.
     dnf -y upgrade nettle nettle-devel
@@ -111,7 +111,7 @@ task:
     yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm || :
     yum install -y dnf-plugins-core
     yum config-manager --set-enabled powertools
-    yum install -y --allowerasing asciidoc gcc git gnutls-devel libaio-devel libasan libcap-devel libnet-devel libnl3-devel libbsd-devel libselinux-devel make protobuf-c-devel protobuf-devel python3-devel python3-flake8 python3-PyYAML python3-protobuf python3-importlib-metadata python3-junit_xml xmlto libdrm-devel
+    yum install -y --allowerasing asciidoc gcc git gnutls-devel libaio-devel libasan libcap-devel libnet-devel libnl3-devel libbsd-devel libselinux-devel make protobuf-c-devel protobuf-devel python3-devel python3-flake8 python3-PyYAML python3-protobuf python3-importlib-metadata python3-junit_xml xmlto libdrm-devel iptables-legacy
     alternatives --set python /usr/bin/python3
     systemctl stop sssd
     # Even with selinux in permissive mode the selinux tests will be executed

scripts/build/Dockerfile.alpine

@@ -33,6 +33,7 @@ RUN make mrproper && date && make -j $(nproc) CC="$CC" && date
 RUN apk add \
 	ip6tables \
 	iptables \
+	iptables-legacy \
 	nftables \
 	iproute2 \
 	tar \

scripts/ci/vagrant.sh

@@ -39,7 +39,8 @@ setup() {
 	ssh default sudo dnf install -y gcc git gnutls-devel nftables-devel libaio-devel \
 		libasan libcap-devel libnet-devel libnl3-devel libbsd-devel make protobuf-c-devel \
 		protobuf-devel python3-flake8 python3-protobuf python3-importlib-metadata \
-		python3-junit_xml rubygem-asciidoctor iptables libselinux-devel libbpf-devel
+		python3-junit_xml rubygem-asciidoctor iptables libselinux-devel libbpf-devel \
+		iptables-legacy
 	# Disable sssd to avoid zdtm test failures in pty04 due to sssd socket
 	ssh default sudo systemctl mask sssd
 	ssh default cat /proc/cmdline

test/zdtm/static/socket-tcp-nfconntrack.desc

@@ -1 +1,6 @@
-{'flavor': 'h', 'opts': '--tcp-established', 'flags': 'suid'}
+{
+    'deps': ['/bin/sh', '/sbin/ip|/bin/ip', '/sbin/iptables-legacy|/usr/sbin/iptables-legacy'],
+    'flavor': 'h',
+    'opts': '--tcp-established',
+    'flags': 'suid'
+}

test/zdtm/static/socket-tcp.c

@@ -74,9 +74,9 @@ int main(int argc, char **argv)
 	}
 	if (system("ip link set up dev lo"))
 		return 1;
-	if (system("iptables -w -A INPUT -i lo -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT"))
+	if (system("iptables-legacy -w -A INPUT -i lo -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT"))
 		return 1;
-	if (system("iptables -w -A INPUT -j DROP"))
+	if (system("iptables-legacy -w -A INPUT -j DROP"))
 		return 1;
 #endif