1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 2 3name: nftables 4protocol: netlink-raw 5protonum: 12 6 7doc: 8 Netfilter nftables configuration over netlink. 9 10definitions: 11 - 12 name: nfgenmsg 13 type: struct 14 members: 15 - 16 name: nfgen-family 17 type: u8 18 - 19 name: version 20 type: u8 21 - 22 name: res-id 23 byte-order: big-endian 24 type: u16 25 - 26 name: meta-keys 27 type: enum 28 entries: 29 - len 30 - protocol 31 - priority 32 - mark 33 - iif 34 - oif 35 - iifname 36 - oifname 37 - iftype 38 - oiftype 39 - skuid 40 - skgid 41 - nftrace 42 - rtclassid 43 - secmark 44 - nfproto 45 - l4-proto 46 - bri-iifname 47 - bri-oifname 48 - pkttype 49 - cpu 50 - iifgroup 51 - oifgroup 52 - cgroup 53 - prandom 54 - secpath 55 - iifkind 56 - oifkind 57 - bri-iifpvid 58 - bri-iifvproto 59 - time-ns 60 - time-day 61 - time-hour 62 - sdif 63 - sdifname 64 - bri-broute 65 - 66 name: bitwise-ops 67 type: enum 68 entries: 69 - bool 70 - lshift 71 - rshift 72 - 73 name: cmp-ops 74 type: enum 75 entries: 76 - eq 77 - neq 78 - lt 79 - lte 80 - gt 81 - gte 82 - 83 name: object-type 84 type: enum 85 entries: 86 - unspec 87 - counter 88 - quota 89 - ct-helper 90 - limit 91 - connlimit 92 - tunnel 93 - ct-timeout 94 - secmark 95 - ct-expect 96 - synproxy 97 - 98 name: nat-range-flags 99 type: flags 100 entries: 101 - map-ips 102 - proto-specified 103 - proto-random 104 - persistent 105 - proto-random-fully 106 - proto-offset 107 - netmap 108 - 109 name: table-flags 110 type: flags 111 entries: 112 - dormant 113 - owner 114 - persist 115 - 116 name: chain-flags 117 type: flags 118 entries: 119 - base 120 - hw-offload 121 - binding 122 - 123 name: set-flags 124 type: flags 125 entries: 126 - anonymous 127 - constant 128 - interval 129 - map 130 - timeout 131 - eval 132 - object 133 - concat 134 - expr 135 - 136 name: lookup-flags 137 type: flags 138 entries: 139 - invert 140 - 141 name: ct-keys 142 type: enum 143 entries: 144 - state 145 - direction 146 - status 147 - mark 148 - secmark 149 - expiration 150 - helper 151 - l3protocol 152 - src 153 - dst 154 - protocol 155 - proto-src 156 - proto-dst 157 - labels 158 - pkts 159 - bytes 160 - avgpkt 161 - zone 162 - eventmask 163 - src-ip 164 - dst-ip 165 - src-ip6 166 - dst-ip6 167 - ct-id 168 - 169 name: ct-direction 170 type: enum 171 entries: 172 - original 173 - reply 174 - 175 name: quota-flags 176 type: flags 177 entries: 178 - invert 179 - depleted 180 - 181 name: verdict-code 182 type: enum 183 entries: 184 - name: continue 185 value: 0xffffffff 186 - name: break 187 value: 0xfffffffe 188 - name: jump 189 value: 0xfffffffd 190 - name: goto 191 value: 0xfffffffc 192 - name: return 193 value: 0xfffffffb 194 - name: drop 195 value: 0 196 - name: accept 197 value: 1 198 - name: stolen 199 value: 2 200 - name: queue 201 value: 3 202 - name: repeat 203 value: 4 204 - 205 name: fib-result 206 type: enum 207 entries: 208 - oif 209 - oifname 210 - addrtype 211 - 212 name: fib-flags 213 type: flags 214 entries: 215 - saddr 216 - daddr 217 - mark 218 - iif 219 - oif 220 - present 221 - 222 name: reject-types 223 type: enum 224 entries: 225 - icmp-unreach 226 - tcp-rst 227 - icmpx-unreach 228 229attribute-sets: 230 - 231 name: empty-attrs 232 attributes: 233 - 234 name: name 235 type: string 236 - 237 name: batch-attrs 238 attributes: 239 - 240 name: genid 241 type: u32 242 byte-order: big-endian 243 - 244 name: table-attrs 245 attributes: 246 - 247 name: name 248 type: string 249 doc: name of the table 250 - 251 name: flags 252 type: u32 253 byte-order: big-endian 254 doc: bitmask of flags 255 enum: table-flags 256 enum-as-flags: true 257 - 258 name: use 259 type: u32 260 byte-order: big-endian 261 doc: number of chains in this table 262 - 263 name: handle 264 type: u64 265 byte-order: big-endian 266 doc: numeric handle of the table 267 - 268 name: userdata 269 type: binary 270 doc: user data 271 - 272 name: chain-attrs 273 attributes: 274 - 275 name: table 276 type: string 277 doc: name of the table containing the chain 278 - 279 name: handle 280 type: u64 281 byte-order: big-endian 282 doc: numeric handle of the chain 283 - 284 name: name 285 type: string 286 doc: name of the chain 287 - 288 name: hook 289 type: nest 290 nested-attributes: nft-hook-attrs 291 doc: hook specification for basechains 292 - 293 name: policy 294 type: u32 295 byte-order: big-endian 296 doc: numeric policy of the chain 297 - 298 name: use 299 type: u32 300 byte-order: big-endian 301 doc: number of references to this chain 302 - 303 name: type 304 type: string 305 doc: type name of the chain 306 - 307 name: counters 308 type: nest 309 nested-attributes: nft-counter-attrs 310 doc: counter specification of the chain 311 - 312 name: flags 313 type: u32 314 byte-order: big-endian 315 doc: chain flags 316 enum: chain-flags 317 enum-as-flags: true 318 - 319 name: id 320 type: u32 321 byte-order: big-endian 322 doc: uniquely identifies a chain in a transaction 323 - 324 name: userdata 325 type: binary 326 doc: user data 327 - 328 name: counter-attrs 329 attributes: 330 - 331 name: bytes 332 type: u64 333 byte-order: big-endian 334 - 335 name: packets 336 type: u64 337 byte-order: big-endian 338 - 339 name: pad 340 type: pad 341 - 342 name: nft-hook-attrs 343 attributes: 344 - 345 name: num 346 type: u32 347 byte-order: big-endian 348 - 349 name: priority 350 type: s32 351 byte-order: big-endian 352 - 353 name: dev 354 type: string 355 doc: net device name 356 - 357 name: devs 358 type: nest 359 nested-attributes: hook-dev-attrs 360 doc: list of net devices 361 - 362 name: hook-dev-attrs 363 attributes: 364 - 365 name: name 366 type: string 367 multi-attr: true 368 - 369 name: nft-counter-attrs 370 attributes: 371 - 372 name: bytes 373 type: u64 374 - 375 name: packets 376 type: u64 377 - 378 name: rule-attrs 379 attributes: 380 - 381 name: table 382 type: string 383 doc: name of the table containing the rule 384 - 385 name: chain 386 type: string 387 doc: name of the chain containing the rule 388 - 389 name: handle 390 type: u64 391 byte-order: big-endian 392 doc: numeric handle of the rule 393 - 394 name: expressions 395 type: nest 396 nested-attributes: expr-list-attrs 397 doc: list of expressions 398 - 399 name: compat 400 type: nest 401 nested-attributes: rule-compat-attrs 402 doc: compatibility specifications of the rule 403 - 404 name: position 405 type: u64 406 byte-order: big-endian 407 doc: numeric handle of the previous rule 408 - 409 name: userdata 410 type: binary 411 doc: user data 412 - 413 name: id 414 type: u32 415 doc: uniquely identifies a rule in a transaction 416 - 417 name: position-id 418 type: u32 419 doc: transaction unique identifier of the previous rule 420 - 421 name: chain-id 422 type: u32 423 doc: add the rule to chain by ID, alternative to chain name 424 - 425 name: expr-list-attrs 426 attributes: 427 - 428 name: elem 429 type: nest 430 nested-attributes: expr-attrs 431 multi-attr: true 432 - 433 name: expr-attrs 434 attributes: 435 - 436 name: name 437 type: string 438 doc: name of the expression type 439 - 440 name: data 441 type: sub-message 442 sub-message: expr-ops 443 selector: name 444 doc: type specific data 445 - 446 name: rule-compat-attrs 447 attributes: 448 - 449 name: proto 450 type: binary 451 doc: numeric value of the handled protocol 452 - 453 name: flags 454 type: binary 455 doc: bitmask of flags 456 - 457 name: set-attrs 458 attributes: 459 - 460 name: table 461 type: string 462 doc: table name 463 - 464 name: name 465 type: string 466 doc: set name 467 - 468 name: flags 469 type: u32 470 enum: set-flags 471 byte-order: big-endian 472 doc: bitmask of enum nft_set_flags 473 - 474 name: key-type 475 type: u32 476 byte-order: big-endian 477 doc: key data type, informational purpose only 478 - 479 name: key-len 480 type: u32 481 byte-order: big-endian 482 doc: key data length 483 - 484 name: data-type 485 type: u32 486 byte-order: big-endian 487 doc: mapping data type 488 - 489 name: data-len 490 type: u32 491 byte-order: big-endian 492 doc: mapping data length 493 - 494 name: policy 495 type: u32 496 byte-order: big-endian 497 doc: selection policy 498 - 499 name: desc 500 type: nest 501 nested-attributes: set-desc-attrs 502 doc: set description 503 - 504 name: id 505 type: u32 506 doc: uniquely identifies a set in a transaction 507 - 508 name: timeout 509 type: u64 510 doc: default timeout value 511 - 512 name: gc-interval 513 type: u32 514 doc: garbage collection interval 515 - 516 name: userdata 517 type: binary 518 doc: user data 519 - 520 name: pad 521 type: pad 522 - 523 name: obj-type 524 type: u32 525 byte-order: big-endian 526 doc: stateful object type 527 - 528 name: handle 529 type: u64 530 byte-order: big-endian 531 doc: set handle 532 - 533 name: expr 534 type: nest 535 nested-attributes: expr-attrs 536 doc: set expression 537 multi-attr: true 538 - 539 name: expressions 540 type: nest 541 nested-attributes: set-list-attrs 542 doc: list of expressions 543 - 544 name: set-desc-attrs 545 attributes: 546 - 547 name: size 548 type: u32 549 byte-order: big-endian 550 doc: number of elements in set 551 - 552 name: concat 553 type: nest 554 nested-attributes: set-desc-concat-attrs 555 doc: description of field concatenation 556 multi-attr: true 557 - 558 name: set-desc-concat-attrs 559 attributes: 560 - 561 name: elem 562 type: nest 563 nested-attributes: set-field-attrs 564 - 565 name: set-field-attrs 566 attributes: 567 - 568 name: len 569 type: u32 570 byte-order: big-endian 571 - 572 name: set-list-attrs 573 attributes: 574 - 575 name: elem 576 type: nest 577 nested-attributes: expr-attrs 578 multi-attr: true 579 - 580 name: setelem-attrs 581 attributes: 582 - 583 name: key 584 type: nest 585 nested-attributes: data-attrs 586 doc: key value 587 - 588 name: data 589 type: nest 590 nested-attributes: data-attrs 591 doc: data value of mapping 592 - 593 name: flags 594 type: binary 595 doc: bitmask of nft_set_elem_flags 596 - 597 name: timeout 598 type: u64 599 doc: timeout value 600 - 601 name: expiration 602 type: u64 603 doc: expiration time 604 - 605 name: userdata 606 type: binary 607 doc: user data 608 - 609 name: expr 610 type: nest 611 nested-attributes: expr-attrs 612 doc: expression 613 - 614 name: objref 615 type: string 616 doc: stateful object reference 617 - 618 name: key-end 619 type: nest 620 nested-attributes: data-attrs 621 doc: closing key value 622 - 623 name: expressions 624 type: nest 625 nested-attributes: expr-list-attrs 626 doc: list of expressions 627 - 628 name: setelem-list-elem-attrs 629 attributes: 630 - 631 name: elem 632 type: nest 633 nested-attributes: setelem-attrs 634 multi-attr: true 635 - 636 name: setelem-list-attrs 637 attributes: 638 - 639 name: table 640 type: string 641 - 642 name: set 643 type: string 644 - 645 name: elements 646 type: nest 647 nested-attributes: setelem-list-elem-attrs 648 - 649 name: set-id 650 type: u32 651 - 652 name: gen-attrs 653 attributes: 654 - 655 name: id 656 type: u32 657 byte-order: big-endian 658 doc: ruleset generation id 659 - 660 name: proc-pid 661 type: u32 662 byte-order: big-endian 663 - 664 name: proc-name 665 type: string 666 - 667 name: obj-attrs 668 attributes: 669 - 670 name: table 671 type: string 672 doc: name of the table containing the expression 673 - 674 name: name 675 type: string 676 doc: name of this expression type 677 - 678 name: type 679 type: u32 680 enum: object-type 681 byte-order: big-endian 682 doc: stateful object type 683 - 684 name: data 685 type: sub-message 686 sub-message: obj-data 687 selector: type 688 doc: stateful object data 689 - 690 name: use 691 type: u32 692 byte-order: big-endian 693 doc: number of references to this expression 694 - 695 name: handle 696 type: u64 697 byte-order: big-endian 698 doc: object handle 699 - 700 name: pad 701 type: pad 702 - 703 name: userdata 704 type: binary 705 doc: user data 706 - 707 name: quota-attrs 708 attributes: 709 - 710 name: bytes 711 type: u64 712 byte-order: big-endian 713 - 714 name: flags 715 type: u32 716 byte-order: big-endian 717 enum: quota-flags 718 - 719 name: pad 720 type: pad 721 - 722 name: consumed 723 type: u64 724 byte-order: big-endian 725 - 726 name: flowtable-attrs 727 attributes: 728 - 729 name: table 730 type: string 731 - 732 name: name 733 type: string 734 - 735 name: hook 736 type: nest 737 nested-attributes: flowtable-hook-attrs 738 - 739 name: use 740 type: u32 741 byte-order: big-endian 742 - 743 name: handle 744 type: u64 745 byte-order: big-endian 746 - 747 name: pad 748 type: pad 749 - 750 name: flags 751 type: u32 752 byte-order: big-endian 753 - 754 name: flowtable-hook-attrs 755 attributes: 756 - 757 name: num 758 type: u32 759 byte-order: big-endian 760 - 761 name: priority 762 type: u32 763 byte-order: big-endian 764 - 765 name: devs 766 type: nest 767 nested-attributes: hook-dev-attrs 768 - 769 name: expr-bitwise-attrs 770 attributes: 771 - 772 name: sreg 773 type: u32 774 byte-order: big-endian 775 - 776 name: dreg 777 type: u32 778 byte-order: big-endian 779 - 780 name: len 781 type: u32 782 byte-order: big-endian 783 - 784 name: mask 785 type: nest 786 nested-attributes: data-attrs 787 - 788 name: xor 789 type: nest 790 nested-attributes: data-attrs 791 - 792 name: op 793 type: u32 794 byte-order: big-endian 795 enum: bitwise-ops 796 - 797 name: data 798 type: nest 799 nested-attributes: data-attrs 800 - 801 name: expr-cmp-attrs 802 attributes: 803 - 804 name: sreg 805 type: u32 806 byte-order: big-endian 807 - 808 name: op 809 type: u32 810 byte-order: big-endian 811 enum: cmp-ops 812 - 813 name: data 814 type: nest 815 nested-attributes: data-attrs 816 - 817 name: data-attrs 818 attributes: 819 - 820 name: value 821 type: binary 822 # sub-type: u8 823 - 824 name: verdict 825 type: nest 826 nested-attributes: verdict-attrs 827 - 828 name: verdict-attrs 829 attributes: 830 - 831 name: code 832 type: u32 833 byte-order: big-endian 834 enum: verdict-code 835 - 836 name: chain 837 type: string 838 - 839 name: chain-id 840 type: u32 841 - 842 name: expr-counter-attrs 843 attributes: 844 - 845 name: bytes 846 type: u64 847 doc: Number of bytes 848 - 849 name: packets 850 type: u64 851 doc: Number of packets 852 - 853 name: pad 854 type: pad 855 - 856 name: expr-fib-attrs 857 attributes: 858 - 859 name: dreg 860 type: u32 861 byte-order: big-endian 862 - 863 name: result 864 type: u32 865 byte-order: big-endian 866 enum: fib-result 867 - 868 name: flags 869 type: u32 870 byte-order: big-endian 871 enum: fib-flags 872 - 873 name: expr-ct-attrs 874 attributes: 875 - 876 name: dreg 877 type: u32 878 byte-order: big-endian 879 - 880 name: key 881 type: u32 882 byte-order: big-endian 883 enum: ct-keys 884 - 885 name: direction 886 type: u8 887 enum: ct-direction 888 - 889 name: sreg 890 type: u32 891 byte-order: big-endian 892 - 893 name: expr-flow-offload-attrs 894 attributes: 895 - 896 name: name 897 type: string 898 doc: Flow offload table name 899 - 900 name: expr-immediate-attrs 901 attributes: 902 - 903 name: dreg 904 type: u32 905 byte-order: big-endian 906 - 907 name: data 908 type: nest 909 nested-attributes: data-attrs 910 - 911 name: expr-lookup-attrs 912 attributes: 913 - 914 name: set 915 type: string 916 doc: Name of set to use 917 - 918 name: set id 919 type: u32 920 byte-order: big-endian 921 doc: ID of set to use 922 - 923 name: sreg 924 type: u32 925 byte-order: big-endian 926 - 927 name: dreg 928 type: u32 929 byte-order: big-endian 930 - 931 name: flags 932 type: u32 933 byte-order: big-endian 934 enum: lookup-flags 935 - 936 name: expr-meta-attrs 937 attributes: 938 - 939 name: dreg 940 type: u32 941 byte-order: big-endian 942 - 943 name: key 944 type: u32 945 byte-order: big-endian 946 enum: meta-keys 947 - 948 name: sreg 949 type: u32 950 byte-order: big-endian 951 - 952 name: expr-nat-attrs 953 attributes: 954 - 955 name: type 956 type: u32 957 byte-order: big-endian 958 - 959 name: family 960 type: u32 961 byte-order: big-endian 962 - 963 name: reg-addr-min 964 type: u32 965 byte-order: big-endian 966 - 967 name: reg-addr-max 968 type: u32 969 byte-order: big-endian 970 - 971 name: reg-proto-min 972 type: u32 973 byte-order: big-endian 974 - 975 name: reg-proto-max 976 type: u32 977 byte-order: big-endian 978 - 979 name: flags 980 type: u32 981 byte-order: big-endian 982 enum: nat-range-flags 983 enum-as-flags: true 984 - 985 name: expr-payload-attrs 986 attributes: 987 - 988 name: dreg 989 type: u32 990 byte-order: big-endian 991 - 992 name: base 993 type: u32 994 byte-order: big-endian 995 - 996 name: offset 997 type: u32 998 byte-order: big-endian 999 - 1000 name: len 1001 type: u32 1002 byte-order: big-endian 1003 - 1004 name: sreg 1005 type: u32 1006 byte-order: big-endian 1007 - 1008 name: csum-type 1009 type: u32 1010 byte-order: big-endian 1011 - 1012 name: csum-offset 1013 type: u32 1014 byte-order: big-endian 1015 - 1016 name: csum-flags 1017 type: u32 1018 byte-order: big-endian 1019 - 1020 name: expr-reject-attrs 1021 attributes: 1022 - 1023 name: type 1024 type: u32 1025 byte-order: big-endian 1026 enum: reject-types 1027 - 1028 name: icmp-code 1029 type: u8 1030 - 1031 name: expr-target-attrs 1032 attributes: 1033 - 1034 name: name 1035 type: string 1036 - 1037 name: rev 1038 type: u32 1039 byte-order: big-endian 1040 - 1041 name: info 1042 type: binary 1043 - 1044 name: expr-tproxy-attrs 1045 attributes: 1046 - 1047 name: family 1048 type: u32 1049 byte-order: big-endian 1050 - 1051 name: reg-addr 1052 type: u32 1053 byte-order: big-endian 1054 - 1055 name: reg-port 1056 type: u32 1057 byte-order: big-endian 1058 - 1059 name: expr-objref-attrs 1060 attributes: 1061 - 1062 name: imm-type 1063 type: u32 1064 byte-order: big-endian 1065 - 1066 name: imm-name 1067 type: string 1068 doc: object name 1069 - 1070 name: set-sreg 1071 type: u32 1072 byte-order: big-endian 1073 - 1074 name: set-name 1075 type: string 1076 doc: name of object map 1077 - 1078 name: set-id 1079 type: u32 1080 byte-order: big-endian 1081 doc: id of object map 1082 1083sub-messages: 1084 - 1085 name: expr-ops 1086 formats: 1087 - 1088 value: bitwise 1089 attribute-set: expr-bitwise-attrs 1090 - 1091 value: cmp 1092 attribute-set: expr-cmp-attrs 1093 - 1094 value: counter 1095 attribute-set: expr-counter-attrs 1096 - 1097 value: ct 1098 attribute-set: expr-ct-attrs 1099 - 1100 value: fib 1101 attribute-set: expr-fib-attrs 1102 - 1103 value: flow_offload 1104 attribute-set: expr-flow-offload-attrs 1105 - 1106 value: immediate 1107 attribute-set: expr-immediate-attrs 1108 - 1109 value: lookup 1110 attribute-set: expr-lookup-attrs 1111 - 1112 value: meta 1113 attribute-set: expr-meta-attrs 1114 - 1115 value: nat 1116 attribute-set: expr-nat-attrs 1117 - 1118 value: objref 1119 attribute-set: expr-objref-attrs 1120 - 1121 value: payload 1122 attribute-set: expr-payload-attrs 1123 - 1124 value: quota 1125 attribute-set: quota-attrs 1126 - 1127 value: reject 1128 attribute-set: expr-reject-attrs 1129 - 1130 value: target 1131 attribute-set: expr-target-attrs 1132 - 1133 value: tproxy 1134 attribute-set: expr-tproxy-attrs 1135 - 1136 name: obj-data 1137 formats: 1138 - 1139 value: counter 1140 attribute-set: counter-attrs 1141 - 1142 value: quota 1143 attribute-set: quota-attrs 1144 1145operations: 1146 enum-model: directional 1147 list: 1148 - 1149 name: batch-begin 1150 doc: Start a batch of operations 1151 attribute-set: batch-attrs 1152 fixed-header: nfgenmsg 1153 do: 1154 request: 1155 value: 0x10 1156 attributes: 1157 - genid 1158 reply: 1159 value: 0x10 1160 attributes: 1161 - genid 1162 - 1163 name: batch-end 1164 doc: Finish a batch of operations 1165 attribute-set: batch-attrs 1166 fixed-header: nfgenmsg 1167 do: 1168 request: 1169 value: 0x11 1170 attributes: 1171 - genid 1172 - 1173 name: newtable 1174 doc: Create a new table. 1175 attribute-set: table-attrs 1176 fixed-header: nfgenmsg 1177 do: 1178 request: 1179 value: 0xa00 1180 attributes: 1181 - name 1182 - 1183 name: gettable 1184 doc: Get / dump tables. 1185 attribute-set: table-attrs 1186 fixed-header: nfgenmsg 1187 do: 1188 request: 1189 value: 0xa01 1190 attributes: 1191 - name 1192 reply: 1193 value: 0xa00 1194 attributes: 1195 - name 1196 - 1197 name: deltable 1198 doc: Delete an existing table. 1199 attribute-set: table-attrs 1200 fixed-header: nfgenmsg 1201 do: 1202 request: 1203 value: 0xa02 1204 attributes: 1205 - name 1206 - 1207 name: destroytable 1208 doc: Delete an existing table with destroy semantics (ignoring ENOENT errors). 1209 attribute-set: table-attrs 1210 fixed-header: nfgenmsg 1211 do: 1212 request: 1213 value: 0xa1a 1214 attributes: 1215 - name 1216 - 1217 name: newchain 1218 doc: Create a new chain. 1219 attribute-set: chain-attrs 1220 fixed-header: nfgenmsg 1221 do: 1222 request: 1223 value: 0xa03 1224 attributes: 1225 - name 1226 - 1227 name: getchain 1228 doc: Get / dump chains. 1229 attribute-set: chain-attrs 1230 fixed-header: nfgenmsg 1231 do: 1232 request: 1233 value: 0xa04 1234 attributes: 1235 - name 1236 reply: 1237 value: 0xa03 1238 attributes: 1239 - name 1240 - 1241 name: delchain 1242 doc: Delete an existing chain. 1243 attribute-set: chain-attrs 1244 fixed-header: nfgenmsg 1245 do: 1246 request: 1247 value: 0xa05 1248 attributes: 1249 - name 1250 - 1251 name: destroychain 1252 doc: Delete an existing chain with destroy semantics (ignoring ENOENT errors). 1253 attribute-set: chain-attrs 1254 fixed-header: nfgenmsg 1255 do: 1256 request: 1257 value: 0xa1b 1258 attributes: 1259 - name 1260 - 1261 name: newrule 1262 doc: Create a new rule. 1263 attribute-set: rule-attrs 1264 fixed-header: nfgenmsg 1265 do: 1266 request: 1267 value: 0xa06 1268 attributes: 1269 - name 1270 - 1271 name: getrule 1272 doc: Get / dump rules. 1273 attribute-set: rule-attrs 1274 fixed-header: nfgenmsg 1275 do: 1276 request: 1277 value: 0xa07 1278 attributes: 1279 - name 1280 reply: 1281 value: 0xa06 1282 attributes: 1283 - name 1284 - 1285 name: getrule-reset 1286 doc: Get / dump rules and reset stateful expressions. 1287 attribute-set: rule-attrs 1288 fixed-header: nfgenmsg 1289 do: 1290 request: 1291 value: 0xa19 1292 attributes: 1293 - name 1294 reply: 1295 value: 0xa06 1296 attributes: 1297 - name 1298 - 1299 name: delrule 1300 doc: Delete an existing rule. 1301 attribute-set: rule-attrs 1302 fixed-header: nfgenmsg 1303 do: 1304 request: 1305 value: 0xa08 1306 attributes: 1307 - name 1308 - 1309 name: destroyrule 1310 doc: Delete an existing rule with destroy semantics (ignoring ENOENT errors). 1311 attribute-set: rule-attrs 1312 fixed-header: nfgenmsg 1313 do: 1314 request: 1315 value: 0xa1c 1316 attributes: 1317 - name 1318 - 1319 name: newset 1320 doc: Create a new set. 1321 attribute-set: set-attrs 1322 fixed-header: nfgenmsg 1323 do: 1324 request: 1325 value: 0xa09 1326 attributes: 1327 - name 1328 - 1329 name: getset 1330 doc: Get / dump sets. 1331 attribute-set: set-attrs 1332 fixed-header: nfgenmsg 1333 do: 1334 request: 1335 value: 0xa0a 1336 attributes: 1337 - name 1338 reply: 1339 value: 0xa09 1340 attributes: 1341 - name 1342 - 1343 name: delset 1344 doc: Delete an existing set. 1345 attribute-set: set-attrs 1346 fixed-header: nfgenmsg 1347 do: 1348 request: 1349 value: 0xa0b 1350 attributes: 1351 - name 1352 - 1353 name: destroyset 1354 doc: Delete an existing set with destroy semantics (ignoring ENOENT errors). 1355 attribute-set: set-attrs 1356 fixed-header: nfgenmsg 1357 do: 1358 request: 1359 value: 0xa1d 1360 attributes: 1361 - name 1362 - 1363 name: newsetelem 1364 doc: Create a new set element. 1365 attribute-set: setelem-list-attrs 1366 fixed-header: nfgenmsg 1367 do: 1368 request: 1369 value: 0xa0c 1370 attributes: 1371 - name 1372 - 1373 name: getsetelem 1374 doc: Get / dump set elements. 1375 attribute-set: setelem-list-attrs 1376 fixed-header: nfgenmsg 1377 do: 1378 request: 1379 value: 0xa0d 1380 attributes: 1381 - name 1382 reply: 1383 value: 0xa0c 1384 attributes: 1385 - name 1386 - 1387 name: getsetelem-reset 1388 doc: Get / dump set elements and reset stateful expressions. 1389 attribute-set: setelem-list-attrs 1390 fixed-header: nfgenmsg 1391 do: 1392 request: 1393 value: 0xa21 1394 attributes: 1395 - name 1396 reply: 1397 value: 0xa0c 1398 attributes: 1399 - name 1400 - 1401 name: delsetelem 1402 doc: Delete an existing set element. 1403 attribute-set: setelem-list-attrs 1404 fixed-header: nfgenmsg 1405 do: 1406 request: 1407 value: 0xa0e 1408 attributes: 1409 - name 1410 - 1411 name: destroysetelem 1412 doc: Delete an existing set element with destroy semantics. 1413 attribute-set: setelem-list-attrs 1414 fixed-header: nfgenmsg 1415 do: 1416 request: 1417 value: 0xa1e 1418 attributes: 1419 - name 1420 - 1421 name: getgen 1422 doc: Get / dump rule-set generation. 1423 attribute-set: gen-attrs 1424 fixed-header: nfgenmsg 1425 do: 1426 request: 1427 value: 0xa10 1428 attributes: 1429 - name 1430 reply: 1431 value: 0xa0f 1432 attributes: 1433 - name 1434 - 1435 name: newobj 1436 doc: Create a new stateful object. 1437 attribute-set: obj-attrs 1438 fixed-header: nfgenmsg 1439 do: 1440 request: 1441 value: 0xa12 1442 attributes: 1443 - name 1444 - 1445 name: getobj 1446 doc: Get / dump stateful objects. 1447 attribute-set: obj-attrs 1448 fixed-header: nfgenmsg 1449 do: 1450 request: 1451 value: 0xa13 1452 attributes: 1453 - name 1454 reply: 1455 value: 0xa12 1456 attributes: 1457 - name 1458 - 1459 name: delobj 1460 doc: Delete an existing stateful object. 1461 attribute-set: obj-attrs 1462 fixed-header: nfgenmsg 1463 do: 1464 request: 1465 value: 0xa14 1466 attributes: 1467 - name 1468 - 1469 name: destroyobj 1470 doc: Delete an existing stateful object with destroy semantics. 1471 attribute-set: obj-attrs 1472 fixed-header: nfgenmsg 1473 do: 1474 request: 1475 value: 0xa1f 1476 attributes: 1477 - name 1478 - 1479 name: newflowtable 1480 doc: Create a new flow table. 1481 attribute-set: flowtable-attrs 1482 fixed-header: nfgenmsg 1483 do: 1484 request: 1485 value: 0xa16 1486 attributes: 1487 - name 1488 - 1489 name: getflowtable 1490 doc: Get / dump flow tables. 1491 attribute-set: flowtable-attrs 1492 fixed-header: nfgenmsg 1493 do: 1494 request: 1495 value: 0xa17 1496 attributes: 1497 - name 1498 reply: 1499 value: 0xa16 1500 attributes: 1501 - name 1502 - 1503 name: delflowtable 1504 doc: Delete an existing flow table. 1505 attribute-set: flowtable-attrs 1506 fixed-header: nfgenmsg 1507 do: 1508 request: 1509 value: 0xa18 1510 attributes: 1511 - name 1512 - 1513 name: destroyflowtable 1514 doc: Delete an existing flow table with destroy semantics. 1515 attribute-set: flowtable-attrs 1516 fixed-header: nfgenmsg 1517 do: 1518 request: 1519 value: 0xa20 1520 attributes: 1521 - name 1522 1523mcast-groups: 1524 list: 1525 - 1526 name: mgmt 1527