add conntrack zone serialization

this allows to use the zone for conntrack delete

Signed-off-by: Antonio Ojea <aojea@google.com>

Author: aojea

conntrack_linux.go

@@ -391,6 +391,8 @@ func (s *ConntrackFlow) toNlData() ([]*nl.RtAttr, error) {
 	//	<BEuint64>
 	//	<len, CTA_LABELS>
 	//	<binary data>
+	//	<len, CTA_ZONE>
+	//	<BEuint16>
 	//	<len, NLA_F_NESTED|CTA_PROTOINFO>
 
 	// CTA_TUPLE_ORIG
@@ -439,6 +441,11 @@ func (s *ConntrackFlow) toNlData() ([]*nl.RtAttr, error) {
 		}
 	}
 
+	if s.Zone != 0 {
+		ctZone := nl.NewRtAttr(nl.CTA_ZONE, nl.BEUint16Attr(s.Zone))
+		payload = append(payload, ctZone)
+	}
+
 	return payload, nil
 }
 

conntrack_test.go

@@ -1541,6 +1541,8 @@ func TestConntrackDeleteV4(t *testing.T) {
 		t.Fatalf("failed to create netlink handle: %s", err)
 	}
 
+	ctZone := uint16(123)
+
 	flow := ConntrackFlow{
 		FamilyType: FAMILY_V4,
 		Forward: IPTuple{
@@ -1562,6 +1564,7 @@ func TestConntrackDeleteV4(t *testing.T) {
 		ProtoInfo: &ProtoInfoTCP{
 			State: nl.TCP_CONNTRACK_ESTABLISHED,
 		},
+		Zone: ctZone,
 	}
 
 	// Create the entry using the handle
@@ -1586,6 +1589,7 @@ func TestConntrackDeleteV4(t *testing.T) {
 			ConntrackOrigDstPort: flow.Forward.DstPort,
 		},
 		protoFilter: unix.IPPROTO_TCP,
+		zoneFilter:  &ctZone,
 	}
 	var match *ConntrackFlow
 	for _, f := range flows {
@@ -1645,6 +1649,8 @@ func TestConntrackDeleteV6(t *testing.T) {
 		t.Fatalf("failed to create netlink handle: %s", err)
 	}
 
+	ctZone := uint16(123)
+
 	flow := ConntrackFlow{
 		FamilyType: FAMILY_V6,
 		Forward: IPTuple{
@@ -1666,6 +1672,7 @@ func TestConntrackDeleteV6(t *testing.T) {
 		ProtoInfo: &ProtoInfoTCP{
 			State: nl.TCP_CONNTRACK_ESTABLISHED,
 		},
+		Zone: ctZone,
 	}
 
 	// Create the entry using the handle
@@ -1690,6 +1697,7 @@ func TestConntrackDeleteV6(t *testing.T) {
 			ConntrackOrigDstPort: flow.Forward.DstPort,
 		},
 		protoFilter: unix.IPPROTO_TCP,
+		zoneFilter:  &ctZone,
 	}
 	var match *ConntrackFlow
 	for _, f := range flows {