xref: /linux/Documentation/netlink/specs/nftables.yaml (revision 001821b0e79716c4e17c71d8e053a23599a7a508)
1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
2
3name: nftables
4protocol: netlink-raw
5protonum: 12
6
7doc:
8  Netfilter nftables configuration over netlink.
9
10definitions:
11  -
12    name: nfgenmsg
13    type: struct
14    members:
15      -
16        name: nfgen-family
17        type: u8
18      -
19        name: version
20        type: u8
21      -
22        name: res-id
23        byte-order: big-endian
24        type: u16
25  -
26    name: meta-keys
27    type: enum
28    entries:
29      - len
30      - protocol
31      - priority
32      - mark
33      - iif
34      - oif
35      - iifname
36      - oifname
37      - iftype
38      - oiftype
39      - skuid
40      - skgid
41      - nftrace
42      - rtclassid
43      - secmark
44      - nfproto
45      - l4-proto
46      - bri-iifname
47      - bri-oifname
48      - pkttype
49      - cpu
50      - iifgroup
51      - oifgroup
52      - cgroup
53      - prandom
54      - secpath
55      - iifkind
56      - oifkind
57      - bri-iifpvid
58      - bri-iifvproto
59      - time-ns
60      - time-day
61      - time-hour
62      - sdif
63      - sdifname
64      - bri-broute
65  -
66    name: cmp-ops
67    type: enum
68    entries:
69      - eq
70      - neq
71      - lt
72      - lte
73      - gt
74      - gte
75  -
76    name: object-type
77    type: enum
78    entries:
79      - unspec
80      - counter
81      - quota
82      - ct-helper
83      - limit
84      - connlimit
85      - tunnel
86      - ct-timeout
87      - secmark
88      - ct-expect
89      - synproxy
90  -
91    name: nat-range-flags
92    type: flags
93    entries:
94      - map-ips
95      - proto-specified
96      - proto-random
97      - persistent
98      - proto-random-fully
99      - proto-offset
100      - netmap
101  -
102    name: table-flags
103    type: flags
104    entries:
105      - dormant
106      - owner
107      - persist
108  -
109    name: chain-flags
110    type: flags
111    entries:
112      - base
113      - hw-offload
114      - binding
115  -
116    name: set-flags
117    type: flags
118    entries:
119      - anonymous
120      - constant
121      - interval
122      - map
123      - timeout
124      - eval
125      - object
126      - concat
127      - expr
128
129attribute-sets:
130  -
131    name: empty-attrs
132    attributes:
133      -
134        name: name
135        type: string
136  -
137    name: batch-attrs
138    attributes:
139      -
140        name: genid
141        type: u32
142        byte-order: big-endian
143  -
144    name: table-attrs
145    attributes:
146      -
147        name: name
148        type: string
149        doc: name of the table
150      -
151        name: flags
152        type: u32
153        byte-order: big-endian
154        doc: bitmask of flags
155        enum: table-flags
156        enum-as-flags: true
157      -
158        name: use
159        type: u32
160        byte-order: big-endian
161        doc: number of chains in this table
162      -
163        name: handle
164        type: u64
165        byte-order: big-endian
166        doc: numeric handle of the table
167      -
168        name: userdata
169        type: binary
170        doc: user data
171  -
172    name: chain-attrs
173    attributes:
174      -
175        name: table
176        type: string
177        doc: name of the table containing the chain
178      -
179        name: handle
180        type: u64
181        byte-order: big-endian
182        doc: numeric handle of the chain
183      -
184        name: name
185        type: string
186        doc: name of the chain
187      -
188        name: hook
189        type: nest
190        nested-attributes: nft-hook-attrs
191        doc: hook specification for basechains
192      -
193        name: policy
194        type: u32
195        byte-order: big-endian
196        doc: numeric policy of the chain
197      -
198        name: use
199        type: u32
200        byte-order: big-endian
201        doc: number of references to this chain
202      -
203        name: type
204        type: string
205        doc: type name of the chain
206      -
207        name: counters
208        type: nest
209        nested-attributes: nft-counter-attrs
210        doc: counter specification of the chain
211      -
212        name: flags
213        type: u32
214        byte-order: big-endian
215        doc: chain flags
216        enum: chain-flags
217        enum-as-flags: true
218      -
219        name: id
220        type: u32
221        byte-order: big-endian
222        doc: uniquely identifies a chain in a transaction
223      -
224        name: userdata
225        type: binary
226        doc: user data
227  -
228    name: counter-attrs
229    attributes:
230      -
231        name: bytes
232        type: u64
233        byte-order: big-endian
234      -
235        name: packets
236        type: u64
237        byte-order: big-endian
238      -
239        name: pad
240        type: pad
241  -
242    name: nft-hook-attrs
243    attributes:
244      -
245        name: num
246        type: u32
247        byte-order: big-endian
248      -
249        name: priority
250        type: s32
251        byte-order: big-endian
252      -
253        name: dev
254        type: string
255        doc: net device name
256      -
257        name: devs
258        type: nest
259        nested-attributes: hook-dev-attrs
260        doc: list of net devices
261  -
262    name: hook-dev-attrs
263    attributes:
264      -
265        name: name
266        type: string
267        multi-attr: true
268  -
269    name: nft-counter-attrs
270    attributes:
271      -
272        name: bytes
273        type: u64
274      -
275        name: packets
276        type: u64
277  -
278    name: rule-attrs
279    attributes:
280      -
281        name: table
282        type: string
283        doc: name of the table containing the rule
284      -
285        name: chain
286        type: string
287        doc: name of the chain containing the rule
288      -
289        name: handle
290        type: u64
291        byte-order: big-endian
292        doc: numeric handle of the rule
293      -
294        name: expressions
295        type: nest
296        nested-attributes: expr-list-attrs
297        doc: list of expressions
298      -
299        name: compat
300        type: nest
301        nested-attributes: rule-compat-attrs
302        doc: compatibility specifications of the rule
303      -
304        name: position
305        type: u64
306        byte-order: big-endian
307        doc: numeric handle of the previous rule
308      -
309        name: userdata
310        type: binary
311        doc: user data
312      -
313        name: id
314        type: u32
315        doc: uniquely identifies a rule in a transaction
316      -
317        name: position-id
318        type: u32
319        doc: transaction unique identifier of the previous rule
320      -
321        name: chain-id
322        type: u32
323        doc: add the rule to chain by ID, alternative to chain name
324  -
325    name: expr-list-attrs
326    attributes:
327      -
328        name: elem
329        type: nest
330        nested-attributes: expr-attrs
331        multi-attr: true
332  -
333    name: expr-attrs
334    attributes:
335      -
336        name: name
337        type: string
338        doc: name of the expression type
339      -
340        name: data
341        type: sub-message
342        sub-message: expr-ops
343        selector: name
344        doc: type specific data
345  -
346    name: rule-compat-attrs
347    attributes:
348      -
349        name: proto
350        type: binary
351        doc: numeric value of the handled protocol
352      -
353        name: flags
354        type: binary
355        doc: bitmask of flags
356  -
357    name: set-attrs
358    attributes:
359      -
360        name: table
361        type: string
362        doc: table name
363      -
364        name: name
365        type: string
366        doc: set name
367      -
368        name: flags
369        type: u32
370        enum: set-flags
371        byte-order: big-endian
372        doc: bitmask of enum nft_set_flags
373      -
374        name: key-type
375        type: u32
376        byte-order: big-endian
377        doc: key data type, informational purpose only
378      -
379        name: key-len
380        type: u32
381        byte-order: big-endian
382        doc: key data length
383      -
384        name: data-type
385        type: u32
386        byte-order: big-endian
387        doc: mapping data type
388      -
389        name: data-len
390        type: u32
391        byte-order: big-endian
392        doc: mapping data length
393      -
394        name: policy
395        type: u32
396        byte-order: big-endian
397        doc: selection policy
398      -
399        name: desc
400        type: nest
401        nested-attributes: set-desc-attrs
402        doc: set description
403      -
404        name: id
405        type: u32
406        doc: uniquely identifies a set in a transaction
407      -
408        name: timeout
409        type: u64
410        doc: default timeout value
411      -
412        name: gc-interval
413        type: u32
414        doc: garbage collection interval
415      -
416        name: userdata
417        type: binary
418        doc: user data
419      -
420        name: pad
421        type: pad
422      -
423        name: obj-type
424        type: u32
425        byte-order: big-endian
426        doc: stateful object type
427      -
428        name: handle
429        type: u64
430        byte-order: big-endian
431        doc: set handle
432      -
433        name: expr
434        type: nest
435        nested-attributes: expr-attrs
436        doc: set expression
437        multi-attr: true
438      -
439        name: expressions
440        type: nest
441        nested-attributes: set-list-attrs
442        doc: list of expressions
443  -
444    name: set-desc-attrs
445    attributes:
446      -
447        name: size
448        type: u32
449        byte-order: big-endian
450        doc: number of elements in set
451      -
452        name: concat
453        type: nest
454        nested-attributes: set-desc-concat-attrs
455        doc: description of field concatenation
456        multi-attr: true
457  -
458    name: set-desc-concat-attrs
459    attributes:
460      -
461        name: elem
462        type: nest
463        nested-attributes: set-field-attrs
464  -
465    name: set-field-attrs
466    attributes:
467      -
468        name: len
469        type: u32
470        byte-order: big-endian
471  -
472    name: set-list-attrs
473    attributes:
474      -
475        name: elem
476        type: nest
477        nested-attributes: expr-attrs
478        multi-attr: true
479  -
480    name: setelem-attrs
481    attributes:
482      -
483        name: key
484        type: nest
485        nested-attributes: data-attrs
486        doc: key value
487      -
488        name: data
489        type: nest
490        nested-attributes: data-attrs
491        doc: data value of mapping
492      -
493        name: flags
494        type: binary
495        doc: bitmask of nft_set_elem_flags
496      -
497        name: timeout
498        type: u64
499        doc: timeout value
500      -
501        name: expiration
502        type: u64
503        doc: expiration time
504      -
505        name: userdata
506        type: binary
507        doc: user data
508      -
509        name: expr
510        type: nest
511        nested-attributes: expr-attrs
512        doc: expression
513      -
514        name: objref
515        type: string
516        doc: stateful object reference
517      -
518        name: key-end
519        type: nest
520        nested-attributes: data-attrs
521        doc: closing key value
522      -
523        name: expressions
524        type: nest
525        nested-attributes: expr-list-attrs
526        doc: list of expressions
527  -
528    name: setelem-list-elem-attrs
529    attributes:
530      -
531        name: elem
532        type: nest
533        nested-attributes: setelem-attrs
534        multi-attr: true
535  -
536    name: setelem-list-attrs
537    attributes:
538      -
539        name: table
540        type: string
541      -
542        name: set
543        type: string
544      -
545        name: elements
546        type: nest
547        nested-attributes: setelem-list-elem-attrs
548      -
549        name: set-id
550        type: u32
551  -
552    name: gen-attrs
553    attributes:
554      -
555        name: id
556        type: u32
557        byte-order: big-endian
558        doc: ruleset generation id
559      -
560        name: proc-pid
561        type: u32
562        byte-order: big-endian
563      -
564        name: proc-name
565        type: string
566  -
567    name: obj-attrs
568    attributes:
569      -
570        name: table
571        type: string
572        doc: name of the table containing the expression
573      -
574        name: name
575        type: string
576        doc: name of this expression type
577      -
578        name: type
579        type: u32
580        enum: object-type
581        byte-order: big-endian
582        doc: stateful object type
583      -
584        name: data
585        type: sub-message
586        sub-message: obj-data
587        selector: type
588        doc: stateful object data
589      -
590        name: use
591        type: u32
592        byte-order: big-endian
593        doc: number of references to this expression
594      -
595        name: handle
596        type: u64
597        byte-order: big-endian
598        doc: object handle
599      -
600        name: pad
601        type: pad
602      -
603        name: userdata
604        type: binary
605        doc: user data
606  -
607    name: quota-attrs
608    attributes:
609      -
610        name: bytes
611        type: u64
612        byte-order: big-endian
613      -
614        name: flags # TODO
615        type: u32
616        byte-order: big-endian
617      -
618        name: pad
619        type: pad
620      -
621        name: consumed
622        type: u64
623        byte-order: big-endian
624  -
625    name: flowtable-attrs
626    attributes:
627      -
628        name: table
629        type: string
630      -
631        name: name
632        type: string
633      -
634        name: hook
635        type: nest
636        nested-attributes: flowtable-hook-attrs
637      -
638        name: use
639        type: u32
640        byte-order: big-endian
641      -
642        name: handle
643        type: u64
644        byte-order: big-endian
645      -
646        name: pad
647        type: pad
648      -
649        name: flags
650        type: u32
651        byte-order: big-endian
652  -
653    name: flowtable-hook-attrs
654    attributes:
655      -
656        name: num
657        type: u32
658        byte-order: big-endian
659      -
660        name: priority
661        type: u32
662        byte-order: big-endian
663      -
664        name: devs
665        type: nest
666        nested-attributes: hook-dev-attrs
667  -
668    name: expr-cmp-attrs
669    attributes:
670      -
671        name: sreg
672        type: u32
673        byte-order: big-endian
674      -
675        name: op
676        type: u32
677        byte-order: big-endian
678        enum: cmp-ops
679      -
680        name: data
681        type: nest
682        nested-attributes: data-attrs
683  -
684    name: data-attrs
685    attributes:
686      -
687        name: value
688        type: binary
689        # sub-type: u8
690      -
691        name: verdict
692        type: nest
693        nested-attributes: verdict-attrs
694  -
695    name: verdict-attrs
696    attributes:
697      -
698        name: code
699        type: u32
700        byte-order: big-endian
701      -
702        name: chain
703        type: string
704      -
705        name: chain-id
706        type: u32
707  -
708    name: expr-counter-attrs
709    attributes:
710      -
711        name: bytes
712        type: u64
713        doc: Number of bytes
714      -
715        name: packets
716        type: u64
717        doc: Number of packets
718      -
719        name: pad
720        type: pad
721  -
722    name: expr-flow-offload-attrs
723    attributes:
724      -
725        name: name
726        type: string
727        doc: Flow offload table name
728  -
729    name: expr-immediate-attrs
730    attributes:
731      -
732        name: dreg
733        type: u32
734        byte-order: big-endian
735      -
736        name: data
737        type: nest
738        nested-attributes: data-attrs
739  -
740    name: expr-meta-attrs
741    attributes:
742      -
743        name: dreg
744        type: u32
745        byte-order: big-endian
746      -
747        name: key
748        type: u32
749        byte-order: big-endian
750        enum: meta-keys
751      -
752        name: sreg
753        type: u32
754        byte-order: big-endian
755  -
756    name: expr-nat-attrs
757    attributes:
758      -
759        name: type
760        type: u32
761        byte-order: big-endian
762      -
763        name: family
764        type: u32
765        byte-order: big-endian
766      -
767        name: reg-addr-min
768        type: u32
769        byte-order: big-endian
770      -
771        name: reg-addr-max
772        type: u32
773        byte-order: big-endian
774      -
775        name: reg-proto-min
776        type: u32
777        byte-order: big-endian
778      -
779        name: reg-proto-max
780        type: u32
781        byte-order: big-endian
782      -
783        name: flags
784        type: u32
785        byte-order: big-endian
786        enum: nat-range-flags
787        enum-as-flags: true
788  -
789    name: expr-payload-attrs
790    attributes:
791      -
792        name: dreg
793        type: u32
794        byte-order: big-endian
795      -
796        name: base
797        type: u32
798        byte-order: big-endian
799      -
800        name: offset
801        type: u32
802        byte-order: big-endian
803      -
804        name: len
805        type: u32
806        byte-order: big-endian
807      -
808        name: sreg
809        type: u32
810        byte-order: big-endian
811      -
812        name: csum-type
813        type: u32
814        byte-order: big-endian
815      -
816        name: csum-offset
817        type: u32
818        byte-order: big-endian
819      -
820        name: csum-flags
821        type: u32
822        byte-order: big-endian
823  -
824    name: expr-tproxy-attrs
825    attributes:
826      -
827        name: family
828        type: u32
829        byte-order: big-endian
830      -
831        name: reg-addr
832        type: u32
833        byte-order: big-endian
834      -
835        name: reg-port
836        type: u32
837        byte-order: big-endian
838
839sub-messages:
840  -
841    name: expr-ops
842    formats:
843      -
844        value: bitwise # TODO
845      -
846        value: cmp
847        attribute-set: expr-cmp-attrs
848      -
849        value: counter
850        attribute-set: expr-counter-attrs
851      -
852        value: ct # TODO
853      -
854        value: flow_offload
855        attribute-set: expr-flow-offload-attrs
856      -
857        value: immediate
858        attribute-set: expr-immediate-attrs
859      -
860        value: lookup # TODO
861      -
862        value: meta
863        attribute-set: expr-meta-attrs
864      -
865        value: nat
866        attribute-set: expr-nat-attrs
867      -
868        value: payload
869        attribute-set: expr-payload-attrs
870      -
871        value: tproxy
872        attribute-set: expr-tproxy-attrs
873  -
874    name: obj-data
875    formats:
876      -
877        value: counter
878        attribute-set: counter-attrs
879      -
880        value: quota
881        attribute-set: quota-attrs
882
883operations:
884  enum-model: directional
885  list:
886    -
887      name: batch-begin
888      doc: Start a batch of operations
889      attribute-set: batch-attrs
890      fixed-header: nfgenmsg
891      do:
892        request:
893          value: 0x10
894          attributes:
895            - genid
896        reply:
897          value: 0x10
898          attributes:
899            - genid
900    -
901      name: batch-end
902      doc: Finish a batch of operations
903      attribute-set: batch-attrs
904      fixed-header: nfgenmsg
905      do:
906        request:
907          value: 0x11
908          attributes:
909            - genid
910    -
911      name: newtable
912      doc: Create a new table.
913      attribute-set: table-attrs
914      fixed-header: nfgenmsg
915      do:
916        request:
917          value: 0xa00
918          attributes:
919            - name
920    -
921      name: gettable
922      doc: Get / dump tables.
923      attribute-set: table-attrs
924      fixed-header: nfgenmsg
925      do:
926        request:
927          value: 0xa01
928          attributes:
929            - name
930        reply:
931          value: 0xa00
932          attributes:
933            - name
934    -
935      name: deltable
936      doc: Delete an existing table.
937      attribute-set: table-attrs
938      fixed-header: nfgenmsg
939      do:
940        request:
941          value: 0xa02
942          attributes:
943            - name
944    -
945      name: destroytable
946      doc: Delete an existing table with destroy semantics (ignoring ENOENT errors).
947      attribute-set: table-attrs
948      fixed-header: nfgenmsg
949      do:
950        request:
951          value: 0xa1a
952          attributes:
953            - name
954    -
955      name: newchain
956      doc: Create a new chain.
957      attribute-set: chain-attrs
958      fixed-header: nfgenmsg
959      do:
960        request:
961          value: 0xa03
962          attributes:
963            - name
964    -
965      name: getchain
966      doc: Get / dump chains.
967      attribute-set: chain-attrs
968      fixed-header: nfgenmsg
969      do:
970        request:
971          value: 0xa04
972          attributes:
973            - name
974        reply:
975          value: 0xa03
976          attributes:
977            - name
978    -
979      name: delchain
980      doc: Delete an existing chain.
981      attribute-set: chain-attrs
982      fixed-header: nfgenmsg
983      do:
984        request:
985          value: 0xa05
986          attributes:
987            - name
988    -
989      name: destroychain
990      doc: Delete an existing chain with destroy semantics (ignoring ENOENT errors).
991      attribute-set: chain-attrs
992      fixed-header: nfgenmsg
993      do:
994        request:
995          value: 0xa1b
996          attributes:
997            - name
998    -
999      name: newrule
1000      doc: Create a new rule.
1001      attribute-set: rule-attrs
1002      fixed-header: nfgenmsg
1003      do:
1004        request:
1005          value: 0xa06
1006          attributes:
1007            - name
1008    -
1009      name: getrule
1010      doc: Get / dump rules.
1011      attribute-set: rule-attrs
1012      fixed-header: nfgenmsg
1013      do:
1014        request:
1015          value: 0xa07
1016          attributes:
1017            - name
1018        reply:
1019          value: 0xa06
1020          attributes:
1021            - name
1022    -
1023      name: getrule-reset
1024      doc: Get / dump rules and reset stateful expressions.
1025      attribute-set: rule-attrs
1026      fixed-header: nfgenmsg
1027      do:
1028        request:
1029          value: 0xa19
1030          attributes:
1031            - name
1032        reply:
1033          value: 0xa06
1034          attributes:
1035            - name
1036    -
1037      name: delrule
1038      doc: Delete an existing rule.
1039      attribute-set: rule-attrs
1040      fixed-header: nfgenmsg
1041      do:
1042        request:
1043          value: 0xa08
1044          attributes:
1045            - name
1046    -
1047      name: destroyrule
1048      doc: Delete an existing rule with destroy semantics (ignoring ENOENT errors).
1049      attribute-set: rule-attrs
1050      fixed-header: nfgenmsg
1051      do:
1052        request:
1053          value: 0xa1c
1054          attributes:
1055            - name
1056    -
1057      name: newset
1058      doc: Create a new set.
1059      attribute-set: set-attrs
1060      fixed-header: nfgenmsg
1061      do:
1062        request:
1063          value: 0xa09
1064          attributes:
1065            - name
1066    -
1067      name: getset
1068      doc: Get / dump sets.
1069      attribute-set: set-attrs
1070      fixed-header: nfgenmsg
1071      do:
1072        request:
1073          value: 0xa0a
1074          attributes:
1075            - name
1076        reply:
1077          value: 0xa09
1078          attributes:
1079            - name
1080    -
1081      name: delset
1082      doc: Delete an existing set.
1083      attribute-set: set-attrs
1084      fixed-header: nfgenmsg
1085      do:
1086        request:
1087          value: 0xa0b
1088          attributes:
1089            - name
1090    -
1091      name: destroyset
1092      doc: Delete an existing set with destroy semantics (ignoring ENOENT errors).
1093      attribute-set: set-attrs
1094      fixed-header: nfgenmsg
1095      do:
1096        request:
1097          value: 0xa1d
1098          attributes:
1099            - name
1100    -
1101      name: newsetelem
1102      doc: Create a new set element.
1103      attribute-set: setelem-list-attrs
1104      fixed-header: nfgenmsg
1105      do:
1106        request:
1107          value: 0xa0c
1108          attributes:
1109            - name
1110    -
1111      name: getsetelem
1112      doc: Get / dump set elements.
1113      attribute-set: setelem-list-attrs
1114      fixed-header: nfgenmsg
1115      do:
1116        request:
1117          value: 0xa0d
1118          attributes:
1119            - name
1120        reply:
1121          value: 0xa0c
1122          attributes:
1123            - name
1124    -
1125      name: getsetelem-reset
1126      doc: Get / dump set elements and reset stateful expressions.
1127      attribute-set: setelem-list-attrs
1128      fixed-header: nfgenmsg
1129      do:
1130        request:
1131          value: 0xa21
1132          attributes:
1133            - name
1134        reply:
1135          value: 0xa0c
1136          attributes:
1137            - name
1138    -
1139      name: delsetelem
1140      doc: Delete an existing set element.
1141      attribute-set: setelem-list-attrs
1142      fixed-header: nfgenmsg
1143      do:
1144        request:
1145          value: 0xa0e
1146          attributes:
1147            - name
1148    -
1149      name: destroysetelem
1150      doc: Delete an existing set element with destroy semantics.
1151      attribute-set: setelem-list-attrs
1152      fixed-header: nfgenmsg
1153      do:
1154        request:
1155          value: 0xa1e
1156          attributes:
1157            - name
1158    -
1159      name: getgen
1160      doc: Get / dump rule-set generation.
1161      attribute-set: gen-attrs
1162      fixed-header: nfgenmsg
1163      do:
1164        request:
1165          value: 0xa10
1166          attributes:
1167            - name
1168        reply:
1169          value: 0xa0f
1170          attributes:
1171            - name
1172    -
1173      name: newobj
1174      doc: Create a new stateful object.
1175      attribute-set: obj-attrs
1176      fixed-header: nfgenmsg
1177      do:
1178        request:
1179          value: 0xa12
1180          attributes:
1181            - name
1182    -
1183      name: getobj
1184      doc: Get / dump stateful objects.
1185      attribute-set: obj-attrs
1186      fixed-header: nfgenmsg
1187      do:
1188        request:
1189          value: 0xa13
1190          attributes:
1191            - name
1192        reply:
1193          value: 0xa12
1194          attributes:
1195            - name
1196    -
1197      name: delobj
1198      doc: Delete an existing stateful object.
1199      attribute-set: obj-attrs
1200      fixed-header: nfgenmsg
1201      do:
1202        request:
1203          value: 0xa14
1204          attributes:
1205            - name
1206    -
1207      name: destroyobj
1208      doc: Delete an existing stateful object with destroy semantics.
1209      attribute-set: obj-attrs
1210      fixed-header: nfgenmsg
1211      do:
1212        request:
1213          value: 0xa1f
1214          attributes:
1215            - name
1216    -
1217      name: newflowtable
1218      doc: Create a new flow table.
1219      attribute-set: flowtable-attrs
1220      fixed-header: nfgenmsg
1221      do:
1222        request:
1223          value: 0xa16
1224          attributes:
1225            - name
1226    -
1227      name: getflowtable
1228      doc: Get / dump flow tables.
1229      attribute-set: flowtable-attrs
1230      fixed-header: nfgenmsg
1231      do:
1232        request:
1233          value: 0xa17
1234          attributes:
1235            - name
1236        reply:
1237          value: 0xa16
1238          attributes:
1239            - name
1240    -
1241      name: delflowtable
1242      doc: Delete an existing flow table.
1243      attribute-set: flowtable-attrs
1244      fixed-header: nfgenmsg
1245      do:
1246        request:
1247          value: 0xa18
1248          attributes:
1249            - name
1250    -
1251      name: destroyflowtable
1252      doc: Delete an existing flow table with destroy semantics.
1253      attribute-set: flowtable-attrs
1254      fixed-header: nfgenmsg
1255      do:
1256        request:
1257          value: 0xa20
1258          attributes:
1259            - name
1260
1261mcast-groups:
1262  list:
1263    -
1264      name: mgmt
1265