vrf: T6097: Fix for veth pair in different VRFS

When veth interface pair is in different VRFS and there is a firewall
rule, `ct original zone` is set for a VRF, which blocks packets somewhy.

Changing to `ct zone` (for both directions) fixes this.

Author: hedrok

smoketest/scripts/cli/test_vrf.py

@@ -651,8 +651,8 @@ def test_vrf_ip_ipv6_nht(self):
     def test_vrf_conntrack(self):
         table = '8710'
         nftables_rules = {
-            'vrf_zones_ct_in': ['ct original zone set iifname map @ct_iface_map'],
-            'vrf_zones_ct_out': ['ct original zone set oifname map @ct_iface_map']
+            'vrf_zones_ct_in': ['ct zone set iifname map @ct_iface_map'],
+            'vrf_zones_ct_out': ['ct zone set oifname map @ct_iface_map']
         }
 
         self.cli_set(base_path + ['name', 'randomVRF', 'table', '1000'])

src/conf_mode/vrf.py

@@ -46,8 +46,8 @@
 
 nftables_table = 'inet vrf_zones'
 nftables_rules = {
-    'vrf_zones_ct_in': 'counter ct original zone set iifname map @ct_iface_map',
-    'vrf_zones_ct_out': 'counter ct original zone set oifname map @ct_iface_map'
+    'vrf_zones_ct_in': 'counter ct zone set iifname map @ct_iface_map',
+    'vrf_zones_ct_out': 'counter ct zone set oifname map @ct_iface_map'
 }
 
 def has_rule(af : str, priority : int, table : str=None):