From d2511707fa29fc0ccb588bfb83196ff5c613166c Mon Sep 17 00:00:00 2001
From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date: Mon, 22 Jan 2024 17:50:39 +0800
Subject: [PATCH] zdtm: socket-tcp-nft-nfconntrack: add a hook to the chain in
 nft case

Let's use hooked nft chain which actually affects packets.

Fixes: e5f4d8c6f ("test/nfconntrack: use nft or iptables-legacy")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 test/zdtm/static/socket-tcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/zdtm/static/socket-tcp.c b/test/zdtm/static/socket-tcp.c
index 9830c7860..bc2075496 100644
--- a/test/zdtm/static/socket-tcp.c
+++ b/test/zdtm/static/socket-tcp.c
@@ -92,7 +92,7 @@ int main(int argc, char **argv)
 
 	if (system("nft add table ip filter"))
 		return 1;
-	if (system("nft add chain ip filter INPUT"))
+	if (system("nft 'add chain ip filter INPUT { type filter hook input priority 0 ; }'"))
 		return 1;
 	if (system("nft add rule ip filter INPUT iifname \"lo\" ip protocol tcp ct state new,established counter accept"))
 		return 1;