1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 2--- 3name: nftables 4protocol: netlink-raw 5protonum: 12 6 7doc: 8 Netfilter nftables configuration over netlink. 9 10definitions: 11 - 12 name: nfgenmsg 13 type: struct 14 members: 15 - 16 name: nfgen-family 17 type: u8 18 - 19 name: version 20 type: u8 21 - 22 name: res-id 23 byte-order: big-endian 24 type: u16 25 - 26 name: meta-keys 27 type: enum 28 entries: 29 - len 30 - protocol 31 - priority 32 - mark 33 - iif 34 - oif 35 - iifname 36 - oifname 37 - iftype 38 - oiftype 39 - skuid 40 - skgid 41 - nftrace 42 - rtclassid 43 - secmark 44 - nfproto 45 - l4-proto 46 - bri-iifname 47 - bri-oifname 48 - pkttype 49 - cpu 50 - iifgroup 51 - oifgroup 52 - cgroup 53 - prandom 54 - secpath 55 - iifkind 56 - oifkind 57 - bri-iifpvid 58 - bri-iifvproto 59 - time-ns 60 - time-day 61 - time-hour 62 - sdif 63 - sdifname 64 - bri-broute 65 - 66 name: bitwise-ops 67 type: enum 68 entries: 69 - bool 70 - lshift 71 - rshift 72 - 73 name: cmp-ops 74 type: enum 75 entries: 76 - eq 77 - neq 78 - lt 79 - lte 80 - gt 81 - gte 82 - 83 name: object-type 84 type: enum 85 entries: 86 - unspec 87 - counter 88 - quota 89 - ct-helper 90 - limit 91 - connlimit 92 - tunnel 93 - ct-timeout 94 - secmark 95 - ct-expect 96 - synproxy 97 - 98 name: nat-range-flags 99 type: flags 100 entries: 101 - map-ips 102 - proto-specified 103 - proto-random 104 - persistent 105 - proto-random-fully 106 - proto-offset 107 - netmap 108 - 109 name: table-flags 110 type: flags 111 entries: 112 - dormant 113 - owner 114 - persist 115 - 116 name: chain-flags 117 type: flags 118 entries: 119 - base 120 - hw-offload 121 - binding 122 - 123 name: set-flags 124 type: flags 125 entries: 126 - anonymous 127 - constant 128 - interval 129 - map 130 - timeout 131 - eval 132 - object 133 - concat 134 - expr 135 - 136 name: lookup-flags 137 type: flags 138 entries: 139 - invert 140 - 141 name: ct-keys 142 type: enum 143 entries: 144 - state 145 - direction 146 - status 147 - mark 148 - secmark 149 - expiration 150 - helper 151 - l3protocol 152 - src 153 - dst 154 - protocol 155 - proto-src 156 - proto-dst 157 - labels 158 - pkts 159 - bytes 160 - avgpkt 161 - zone 162 - eventmask 163 - src-ip 164 - dst-ip 165 - src-ip6 166 - dst-ip6 167 - ct-id 168 - 169 name: ct-direction 170 type: enum 171 entries: 172 - original 173 - reply 174 - 175 name: quota-flags 176 type: flags 177 entries: 178 - invert 179 - depleted 180 - 181 name: verdict-code 182 type: enum 183 entries: 184 - name: continue 185 value: 0xffffffff 186 - name: break 187 value: 0xfffffffe 188 - name: jump 189 value: 0xfffffffd 190 - name: goto 191 value: 0xfffffffc 192 - name: return 193 value: 0xfffffffb 194 - name: drop 195 value: 0 196 - name: accept 197 value: 1 198 - name: stolen 199 value: 2 200 - name: queue 201 value: 3 202 - name: repeat 203 value: 4 204 - 205 name: fib-result 206 type: enum 207 entries: 208 - oif 209 - oifname 210 - addrtype 211 - 212 name: fib-flags 213 type: flags 214 entries: 215 - saddr 216 - daddr 217 - mark 218 - iif 219 - oif 220 - present 221 - 222 name: reject-types 223 type: enum 224 entries: 225 - icmp-unreach 226 - tcp-rst 227 - icmpx-unreach 228 229attribute-sets: 230 - 231 name: empty-attrs 232 attributes: 233 - 234 name: name 235 type: string 236 - 237 name: batch-attrs 238 attributes: 239 - 240 name: genid 241 type: u32 242 byte-order: big-endian 243 - 244 name: table-attrs 245 attributes: 246 - 247 name: name 248 type: string 249 doc: name of the table 250 - 251 name: flags 252 type: u32 253 byte-order: big-endian 254 doc: bitmask of flags 255 enum: table-flags 256 enum-as-flags: true 257 - 258 name: use 259 type: u32 260 byte-order: big-endian 261 doc: number of chains in this table 262 - 263 name: handle 264 type: u64 265 byte-order: big-endian 266 doc: numeric handle of the table 267 - 268 name: userdata 269 type: binary 270 doc: user data 271 - 272 name: chain-attrs 273 attributes: 274 - 275 name: table 276 type: string 277 doc: name of the table containing the chain 278 - 279 name: handle 280 type: u64 281 byte-order: big-endian 282 doc: numeric handle of the chain 283 - 284 name: name 285 type: string 286 doc: name of the chain 287 - 288 name: hook 289 type: nest 290 nested-attributes: nft-hook-attrs 291 doc: hook specification for basechains 292 - 293 name: policy 294 type: u32 295 byte-order: big-endian 296 doc: numeric policy of the chain 297 - 298 name: use 299 type: u32 300 byte-order: big-endian 301 doc: number of references to this chain 302 - 303 name: type 304 type: string 305 doc: type name of the chain 306 - 307 name: counters 308 type: nest 309 nested-attributes: nft-counter-attrs 310 doc: counter specification of the chain 311 - 312 name: flags 313 type: u32 314 byte-order: big-endian 315 doc: chain flags 316 enum: chain-flags 317 enum-as-flags: true 318 - 319 name: id 320 type: u32 321 byte-order: big-endian 322 doc: uniquely identifies a chain in a transaction 323 - 324 name: userdata 325 type: binary 326 doc: user data 327 - 328 name: counter-attrs 329 attributes: 330 - 331 name: bytes 332 type: u64 333 byte-order: big-endian 334 - 335 name: packets 336 type: u64 337 byte-order: big-endian 338 - 339 name: pad 340 type: pad 341 - 342 name: nft-hook-attrs 343 attributes: 344 - 345 name: num 346 type: u32 347 byte-order: big-endian 348 - 349 name: priority 350 type: s32 351 byte-order: big-endian 352 - 353 name: dev 354 type: string 355 doc: net device name 356 - 357 name: devs 358 type: nest 359 nested-attributes: hook-dev-attrs 360 doc: list of net devices 361 - 362 name: hook-dev-attrs 363 attributes: 364 - 365 name: name 366 type: string 367 multi-attr: true 368 - 369 name: nft-counter-attrs 370 attributes: 371 - 372 name: bytes 373 type: u64 374 - 375 name: packets 376 type: u64 377 - 378 name: rule-attrs 379 attributes: 380 - 381 name: table 382 type: string 383 doc: name of the table containing the rule 384 - 385 name: chain 386 type: string 387 doc: name of the chain containing the rule 388 - 389 name: handle 390 type: u64 391 byte-order: big-endian 392 doc: numeric handle of the rule 393 - 394 name: expressions 395 type: nest 396 nested-attributes: expr-list-attrs 397 doc: list of expressions 398 - 399 name: compat 400 type: nest 401 nested-attributes: rule-compat-attrs 402 doc: compatibility specifications of the rule 403 - 404 name: position 405 type: u64 406 byte-order: big-endian 407 doc: numeric handle of the previous rule 408 - 409 name: userdata 410 type: binary 411 doc: user data 412 - 413 name: id 414 type: u32 415 doc: uniquely identifies a rule in a transaction 416 - 417 name: position-id 418 type: u32 419 doc: transaction unique identifier of the previous rule 420 - 421 name: chain-id 422 type: u32 423 doc: add the rule to chain by ID, alternative to chain name 424 - 425 name: expr-list-attrs 426 attributes: 427 - 428 name: elem 429 type: nest 430 nested-attributes: expr-attrs 431 multi-attr: true 432 - 433 name: expr-attrs 434 attributes: 435 - 436 name: name 437 type: string 438 doc: name of the expression type 439 - 440 name: data 441 type: sub-message 442 sub-message: expr-ops 443 selector: name 444 doc: type specific data 445 - 446 name: rule-compat-attrs 447 attributes: 448 - 449 name: proto 450 type: binary 451 doc: numeric value of the handled protocol 452 - 453 name: flags 454 type: binary 455 doc: bitmask of flags 456 - 457 name: set-attrs 458 attributes: 459 - 460 name: table 461 type: string 462 doc: table name 463 - 464 name: name 465 type: string 466 doc: set name 467 - 468 name: flags 469 type: u32 470 enum: set-flags 471 byte-order: big-endian 472 doc: bitmask of enum nft_set_flags 473 - 474 name: key-type 475 type: u32 476 byte-order: big-endian 477 doc: key data type, informational purpose only 478 - 479 name: key-len 480 type: u32 481 byte-order: big-endian 482 doc: key data length 483 - 484 name: data-type 485 type: u32 486 byte-order: big-endian 487 doc: mapping data type 488 - 489 name: data-len 490 type: u32 491 byte-order: big-endian 492 doc: mapping data length 493 - 494 name: policy 495 type: u32 496 byte-order: big-endian 497 doc: selection policy 498 - 499 name: desc 500 type: nest 501 nested-attributes: set-desc-attrs 502 doc: set description 503 - 504 name: id 505 type: u32 506 doc: uniquely identifies a set in a transaction 507 - 508 name: timeout 509 type: u64 510 doc: default timeout value 511 - 512 name: gc-interval 513 type: u32 514 doc: garbage collection interval 515 - 516 name: userdata 517 type: binary 518 doc: user data 519 - 520 name: pad 521 type: pad 522 - 523 name: obj-type 524 type: u32 525 byte-order: big-endian 526 doc: stateful object type 527 - 528 name: handle 529 type: u64 530 byte-order: big-endian 531 doc: set handle 532 - 533 name: expr 534 type: nest 535 nested-attributes: expr-attrs 536 doc: set expression 537 multi-attr: true 538 - 539 name: expressions 540 type: nest 541 nested-attributes: set-list-attrs 542 doc: list of expressions 543 - 544 name: set-desc-attrs 545 attributes: 546 - 547 name: size 548 type: u32 549 byte-order: big-endian 550 doc: number of elements in set 551 - 552 name: concat 553 type: nest 554 nested-attributes: set-desc-concat-attrs 555 doc: description of field concatenation 556 multi-attr: true 557 - 558 name: set-desc-concat-attrs 559 attributes: 560 - 561 name: elem 562 type: nest 563 nested-attributes: set-field-attrs 564 - 565 name: set-field-attrs 566 attributes: 567 - 568 name: len 569 type: u32 570 byte-order: big-endian 571 - 572 name: set-list-attrs 573 attributes: 574 - 575 name: elem 576 type: nest 577 nested-attributes: expr-attrs 578 multi-attr: true 579 - 580 name: setelem-attrs 581 attributes: 582 - 583 name: key 584 type: nest 585 nested-attributes: data-attrs 586 doc: key value 587 - 588 name: data 589 type: nest 590 nested-attributes: data-attrs 591 doc: data value of mapping 592 - 593 name: flags 594 type: binary 595 doc: bitmask of nft_set_elem_flags 596 - 597 name: timeout 598 type: u64 599 doc: timeout value 600 - 601 name: expiration 602 type: u64 603 doc: expiration time 604 - 605 name: userdata 606 type: binary 607 doc: user data 608 - 609 name: expr 610 type: nest 611 nested-attributes: expr-attrs 612 doc: expression 613 - 614 name: objref 615 type: string 616 doc: stateful object reference 617 - 618 name: key-end 619 type: nest 620 nested-attributes: data-attrs 621 doc: closing key value 622 - 623 name: expressions 624 type: nest 625 nested-attributes: expr-list-attrs 626 doc: list of expressions 627 - 628 name: setelem-list-elem-attrs 629 attributes: 630 - 631 name: elem 632 type: nest 633 nested-attributes: setelem-attrs 634 multi-attr: true 635 - 636 name: setelem-list-attrs 637 attributes: 638 - 639 name: table 640 type: string 641 - 642 name: set 643 type: string 644 - 645 name: elements 646 type: nest 647 nested-attributes: setelem-list-elem-attrs 648 - 649 name: set-id 650 type: u32 651 - 652 name: gen-attrs 653 attributes: 654 - 655 name: id 656 type: u32 657 byte-order: big-endian 658 doc: ruleset generation id 659 - 660 name: proc-pid 661 type: u32 662 byte-order: big-endian 663 - 664 name: proc-name 665 type: string 666 - 667 name: obj-attrs 668 attributes: 669 - 670 name: table 671 type: string 672 doc: name of the table containing the expression 673 - 674 name: name 675 type: string 676 doc: name of this expression type 677 - 678 name: type 679 type: u32 680 enum: object-type 681 byte-order: big-endian 682 doc: stateful object type 683 - 684 name: data 685 type: sub-message 686 sub-message: obj-data 687 selector: type 688 doc: stateful object data 689 - 690 name: use 691 type: u32 692 byte-order: big-endian 693 doc: number of references to this expression 694 - 695 name: handle 696 type: u64 697 byte-order: big-endian 698 doc: object handle 699 - 700 name: pad 701 type: pad 702 - 703 name: userdata 704 type: binary 705 doc: user data 706 - 707 name: quota-attrs 708 attributes: 709 - 710 name: bytes 711 type: u64 712 byte-order: big-endian 713 - 714 name: flags 715 type: u32 716 byte-order: big-endian 717 enum: quota-flags 718 - 719 name: pad 720 type: pad 721 - 722 name: consumed 723 type: u64 724 byte-order: big-endian 725 - 726 name: flowtable-attrs 727 attributes: 728 - 729 name: table 730 type: string 731 - 732 name: name 733 type: string 734 - 735 name: hook 736 type: nest 737 nested-attributes: flowtable-hook-attrs 738 - 739 name: use 740 type: u32 741 byte-order: big-endian 742 - 743 name: handle 744 type: u64 745 byte-order: big-endian 746 - 747 name: pad 748 type: pad 749 - 750 name: flags 751 type: u32 752 byte-order: big-endian 753 - 754 name: flowtable-hook-attrs 755 attributes: 756 - 757 name: num 758 type: u32 759 byte-order: big-endian 760 - 761 name: priority 762 type: u32 763 byte-order: big-endian 764 - 765 name: devs 766 type: nest 767 nested-attributes: hook-dev-attrs 768 - 769 name: expr-bitwise-attrs 770 attributes: 771 - 772 name: sreg 773 type: u32 774 byte-order: big-endian 775 - 776 name: dreg 777 type: u32 778 byte-order: big-endian 779 - 780 name: len 781 type: u32 782 byte-order: big-endian 783 - 784 name: mask 785 type: nest 786 nested-attributes: data-attrs 787 - 788 name: xor 789 type: nest 790 nested-attributes: data-attrs 791 - 792 name: op 793 type: u32 794 byte-order: big-endian 795 enum: bitwise-ops 796 - 797 name: data 798 type: nest 799 nested-attributes: data-attrs 800 - 801 name: expr-cmp-attrs 802 attributes: 803 - 804 name: sreg 805 type: u32 806 byte-order: big-endian 807 - 808 name: op 809 type: u32 810 byte-order: big-endian 811 enum: cmp-ops 812 - 813 name: data 814 type: nest 815 nested-attributes: data-attrs 816 - 817 name: data-attrs 818 attributes: 819 - 820 name: value 821 type: binary 822 # sub-type: u8 823 - 824 name: verdict 825 type: nest 826 nested-attributes: verdict-attrs 827 - 828 name: verdict-attrs 829 attributes: 830 - 831 name: code 832 type: u32 833 byte-order: big-endian 834 enum: verdict-code 835 - 836 name: chain 837 type: string 838 - 839 name: chain-id 840 type: u32 841 - 842 name: expr-counter-attrs 843 attributes: 844 - 845 name: bytes 846 type: u64 847 doc: Number of bytes 848 - 849 name: packets 850 type: u64 851 doc: Number of packets 852 - 853 name: pad 854 type: pad 855 - 856 name: expr-fib-attrs 857 attributes: 858 - 859 name: dreg 860 type: u32 861 byte-order: big-endian 862 - 863 name: result 864 type: u32 865 byte-order: big-endian 866 enum: fib-result 867 - 868 name: flags 869 type: u32 870 byte-order: big-endian 871 enum: fib-flags 872 - 873 name: expr-ct-attrs 874 attributes: 875 - 876 name: dreg 877 type: u32 878 byte-order: big-endian 879 - 880 name: key 881 type: u32 882 byte-order: big-endian 883 enum: ct-keys 884 - 885 name: direction 886 type: u8 887 enum: ct-direction 888 - 889 name: sreg 890 type: u32 891 byte-order: big-endian 892 - 893 name: expr-flow-offload-attrs 894 attributes: 895 - 896 name: name 897 type: string 898 doc: Flow offload table name 899 - 900 name: expr-immediate-attrs 901 attributes: 902 - 903 name: dreg 904 type: u32 905 byte-order: big-endian 906 - 907 name: data 908 type: nest 909 nested-attributes: data-attrs 910 - 911 name: expr-lookup-attrs 912 attributes: 913 - 914 name: set 915 type: string 916 doc: Name of set to use 917 - 918 name: set id 919 type: u32 920 byte-order: big-endian 921 doc: ID of set to use 922 - 923 name: sreg 924 type: u32 925 byte-order: big-endian 926 - 927 name: dreg 928 type: u32 929 byte-order: big-endian 930 - 931 name: flags 932 type: u32 933 byte-order: big-endian 934 enum: lookup-flags 935 - 936 name: expr-meta-attrs 937 attributes: 938 - 939 name: dreg 940 type: u32 941 byte-order: big-endian 942 - 943 name: key 944 type: u32 945 byte-order: big-endian 946 enum: meta-keys 947 - 948 name: sreg 949 type: u32 950 byte-order: big-endian 951 - 952 name: expr-nat-attrs 953 attributes: 954 - 955 name: type 956 type: u32 957 byte-order: big-endian 958 - 959 name: family 960 type: u32 961 byte-order: big-endian 962 - 963 name: reg-addr-min 964 type: u32 965 byte-order: big-endian 966 - 967 name: reg-addr-max 968 type: u32 969 byte-order: big-endian 970 - 971 name: reg-proto-min 972 type: u32 973 byte-order: big-endian 974 - 975 name: reg-proto-max 976 type: u32 977 byte-order: big-endian 978 - 979 name: flags 980 type: u32 981 byte-order: big-endian 982 enum: nat-range-flags 983 enum-as-flags: true 984 - 985 name: expr-payload-attrs 986 attributes: 987 - 988 name: dreg 989 type: u32 990 byte-order: big-endian 991 - 992 name: base 993 type: u32 994 byte-order: big-endian 995 - 996 name: offset 997 type: u32 998 byte-order: big-endian 999 - 1000 name: len 1001 type: u32 1002 byte-order: big-endian 1003 - 1004 name: sreg 1005 type: u32 1006 byte-order: big-endian 1007 - 1008 name: csum-type 1009 type: u32 1010 byte-order: big-endian 1011 - 1012 name: csum-offset 1013 type: u32 1014 byte-order: big-endian 1015 - 1016 name: csum-flags 1017 type: u32 1018 byte-order: big-endian 1019 - 1020 name: expr-reject-attrs 1021 attributes: 1022 - 1023 name: type 1024 type: u32 1025 byte-order: big-endian 1026 enum: reject-types 1027 - 1028 name: icmp-code 1029 type: u8 1030 - 1031 name: expr-target-attrs 1032 attributes: 1033 - 1034 name: name 1035 type: string 1036 - 1037 name: rev 1038 type: u32 1039 byte-order: big-endian 1040 - 1041 name: info 1042 type: binary 1043 - 1044 name: expr-tproxy-attrs 1045 attributes: 1046 - 1047 name: family 1048 type: u32 1049 byte-order: big-endian 1050 - 1051 name: reg-addr 1052 type: u32 1053 byte-order: big-endian 1054 - 1055 name: reg-port 1056 type: u32 1057 byte-order: big-endian 1058 - 1059 name: expr-objref-attrs 1060 attributes: 1061 - 1062 name: imm-type 1063 type: u32 1064 byte-order: big-endian 1065 - 1066 name: imm-name 1067 type: string 1068 doc: object name 1069 - 1070 name: set-sreg 1071 type: u32 1072 byte-order: big-endian 1073 - 1074 name: set-name 1075 type: string 1076 doc: name of object map 1077 - 1078 name: set-id 1079 type: u32 1080 byte-order: big-endian 1081 doc: id of object map 1082 1083sub-messages: 1084 - 1085 name: expr-ops 1086 formats: 1087 - 1088 value: bitwise 1089 attribute-set: expr-bitwise-attrs 1090 - 1091 value: cmp 1092 attribute-set: expr-cmp-attrs 1093 - 1094 value: counter 1095 attribute-set: expr-counter-attrs 1096 - 1097 value: ct 1098 attribute-set: expr-ct-attrs 1099 - 1100 value: fib 1101 attribute-set: expr-fib-attrs 1102 - 1103 value: flow_offload 1104 attribute-set: expr-flow-offload-attrs 1105 - 1106 value: immediate 1107 attribute-set: expr-immediate-attrs 1108 - 1109 value: lookup 1110 attribute-set: expr-lookup-attrs 1111 - 1112 value: meta 1113 attribute-set: expr-meta-attrs 1114 - 1115 value: nat 1116 attribute-set: expr-nat-attrs 1117 - 1118 value: objref 1119 attribute-set: expr-objref-attrs 1120 - 1121 value: payload 1122 attribute-set: expr-payload-attrs 1123 - 1124 value: quota 1125 attribute-set: quota-attrs 1126 - 1127 value: reject 1128 attribute-set: expr-reject-attrs 1129 - 1130 value: target 1131 attribute-set: expr-target-attrs 1132 - 1133 value: tproxy 1134 attribute-set: expr-tproxy-attrs 1135 - 1136 name: obj-data 1137 formats: 1138 - 1139 value: counter 1140 attribute-set: counter-attrs 1141 - 1142 value: quota 1143 attribute-set: quota-attrs 1144 1145operations: 1146 enum-model: directional 1147 list: 1148 - 1149 name: batch-begin 1150 doc: Start a batch of operations 1151 attribute-set: batch-attrs 1152 fixed-header: nfgenmsg 1153 do: 1154 request: 1155 value: 0x10 1156 attributes: 1157 - genid 1158 reply: 1159 value: 0x10 1160 attributes: 1161 - genid 1162 - 1163 name: batch-end 1164 doc: Finish a batch of operations 1165 attribute-set: batch-attrs 1166 fixed-header: nfgenmsg 1167 do: 1168 request: 1169 value: 0x11 1170 attributes: 1171 - genid 1172 - 1173 name: newtable 1174 doc: Create a new table. 1175 attribute-set: table-attrs 1176 fixed-header: nfgenmsg 1177 do: 1178 request: 1179 value: 0xa00 1180 attributes: 1181 - name 1182 - 1183 name: gettable 1184 doc: Get / dump tables. 1185 attribute-set: table-attrs 1186 fixed-header: nfgenmsg 1187 do: 1188 request: 1189 value: 0xa01 1190 attributes: 1191 - name 1192 reply: 1193 value: 0xa00 1194 attributes: 1195 - name 1196 - 1197 name: deltable 1198 doc: Delete an existing table. 1199 attribute-set: table-attrs 1200 fixed-header: nfgenmsg 1201 do: 1202 request: 1203 value: 0xa02 1204 attributes: 1205 - name 1206 - 1207 name: destroytable 1208 doc: | 1209 Delete an existing table with destroy semantics (ignoring ENOENT 1210 errors). 1211 attribute-set: table-attrs 1212 fixed-header: nfgenmsg 1213 do: 1214 request: 1215 value: 0xa1a 1216 attributes: 1217 - name 1218 - 1219 name: newchain 1220 doc: Create a new chain. 1221 attribute-set: chain-attrs 1222 fixed-header: nfgenmsg 1223 do: 1224 request: 1225 value: 0xa03 1226 attributes: 1227 - name 1228 - 1229 name: getchain 1230 doc: Get / dump chains. 1231 attribute-set: chain-attrs 1232 fixed-header: nfgenmsg 1233 do: 1234 request: 1235 value: 0xa04 1236 attributes: 1237 - name 1238 reply: 1239 value: 0xa03 1240 attributes: 1241 - name 1242 - 1243 name: delchain 1244 doc: Delete an existing chain. 1245 attribute-set: chain-attrs 1246 fixed-header: nfgenmsg 1247 do: 1248 request: 1249 value: 0xa05 1250 attributes: 1251 - name 1252 - 1253 name: destroychain 1254 doc: | 1255 Delete an existing chain with destroy semantics (ignoring ENOENT 1256 errors). 1257 attribute-set: chain-attrs 1258 fixed-header: nfgenmsg 1259 do: 1260 request: 1261 value: 0xa1b 1262 attributes: 1263 - name 1264 - 1265 name: newrule 1266 doc: Create a new rule. 1267 attribute-set: rule-attrs 1268 fixed-header: nfgenmsg 1269 do: 1270 request: 1271 value: 0xa06 1272 attributes: 1273 - name 1274 - 1275 name: getrule 1276 doc: Get / dump rules. 1277 attribute-set: rule-attrs 1278 fixed-header: nfgenmsg 1279 do: 1280 request: 1281 value: 0xa07 1282 attributes: 1283 - name 1284 reply: 1285 value: 0xa06 1286 attributes: 1287 - name 1288 - 1289 name: getrule-reset 1290 doc: Get / dump rules and reset stateful expressions. 1291 attribute-set: rule-attrs 1292 fixed-header: nfgenmsg 1293 do: 1294 request: 1295 value: 0xa19 1296 attributes: 1297 - name 1298 reply: 1299 value: 0xa06 1300 attributes: 1301 - name 1302 - 1303 name: delrule 1304 doc: Delete an existing rule. 1305 attribute-set: rule-attrs 1306 fixed-header: nfgenmsg 1307 do: 1308 request: 1309 value: 0xa08 1310 attributes: 1311 - name 1312 - 1313 name: destroyrule 1314 doc: | 1315 Delete an existing rule with destroy semantics (ignoring ENOENT errors). 1316 attribute-set: rule-attrs 1317 fixed-header: nfgenmsg 1318 do: 1319 request: 1320 value: 0xa1c 1321 attributes: 1322 - name 1323 - 1324 name: newset 1325 doc: Create a new set. 1326 attribute-set: set-attrs 1327 fixed-header: nfgenmsg 1328 do: 1329 request: 1330 value: 0xa09 1331 attributes: 1332 - name 1333 - 1334 name: getset 1335 doc: Get / dump sets. 1336 attribute-set: set-attrs 1337 fixed-header: nfgenmsg 1338 do: 1339 request: 1340 value: 0xa0a 1341 attributes: 1342 - name 1343 reply: 1344 value: 0xa09 1345 attributes: 1346 - name 1347 - 1348 name: delset 1349 doc: Delete an existing set. 1350 attribute-set: set-attrs 1351 fixed-header: nfgenmsg 1352 do: 1353 request: 1354 value: 0xa0b 1355 attributes: 1356 - name 1357 - 1358 name: destroyset 1359 doc: | 1360 Delete an existing set with destroy semantics (ignoring ENOENT errors). 1361 attribute-set: set-attrs 1362 fixed-header: nfgenmsg 1363 do: 1364 request: 1365 value: 0xa1d 1366 attributes: 1367 - name 1368 - 1369 name: newsetelem 1370 doc: Create a new set element. 1371 attribute-set: setelem-list-attrs 1372 fixed-header: nfgenmsg 1373 do: 1374 request: 1375 value: 0xa0c 1376 attributes: 1377 - name 1378 - 1379 name: getsetelem 1380 doc: Get / dump set elements. 1381 attribute-set: setelem-list-attrs 1382 fixed-header: nfgenmsg 1383 do: 1384 request: 1385 value: 0xa0d 1386 attributes: 1387 - name 1388 reply: 1389 value: 0xa0c 1390 attributes: 1391 - name 1392 - 1393 name: getsetelem-reset 1394 doc: Get / dump set elements and reset stateful expressions. 1395 attribute-set: setelem-list-attrs 1396 fixed-header: nfgenmsg 1397 do: 1398 request: 1399 value: 0xa21 1400 attributes: 1401 - name 1402 reply: 1403 value: 0xa0c 1404 attributes: 1405 - name 1406 - 1407 name: delsetelem 1408 doc: Delete an existing set element. 1409 attribute-set: setelem-list-attrs 1410 fixed-header: nfgenmsg 1411 do: 1412 request: 1413 value: 0xa0e 1414 attributes: 1415 - name 1416 - 1417 name: destroysetelem 1418 doc: Delete an existing set element with destroy semantics. 1419 attribute-set: setelem-list-attrs 1420 fixed-header: nfgenmsg 1421 do: 1422 request: 1423 value: 0xa1e 1424 attributes: 1425 - name 1426 - 1427 name: getgen 1428 doc: Get / dump rule-set generation. 1429 attribute-set: gen-attrs 1430 fixed-header: nfgenmsg 1431 do: 1432 request: 1433 value: 0xa10 1434 attributes: 1435 - name 1436 reply: 1437 value: 0xa0f 1438 attributes: 1439 - name 1440 - 1441 name: newobj 1442 doc: Create a new stateful object. 1443 attribute-set: obj-attrs 1444 fixed-header: nfgenmsg 1445 do: 1446 request: 1447 value: 0xa12 1448 attributes: 1449 - name 1450 - 1451 name: getobj 1452 doc: Get / dump stateful objects. 1453 attribute-set: obj-attrs 1454 fixed-header: nfgenmsg 1455 do: 1456 request: 1457 value: 0xa13 1458 attributes: 1459 - name 1460 reply: 1461 value: 0xa12 1462 attributes: 1463 - name 1464 - 1465 name: delobj 1466 doc: Delete an existing stateful object. 1467 attribute-set: obj-attrs 1468 fixed-header: nfgenmsg 1469 do: 1470 request: 1471 value: 0xa14 1472 attributes: 1473 - name 1474 - 1475 name: destroyobj 1476 doc: Delete an existing stateful object with destroy semantics. 1477 attribute-set: obj-attrs 1478 fixed-header: nfgenmsg 1479 do: 1480 request: 1481 value: 0xa1f 1482 attributes: 1483 - name 1484 - 1485 name: newflowtable 1486 doc: Create a new flow table. 1487 attribute-set: flowtable-attrs 1488 fixed-header: nfgenmsg 1489 do: 1490 request: 1491 value: 0xa16 1492 attributes: 1493 - name 1494 - 1495 name: getflowtable 1496 doc: Get / dump flow tables. 1497 attribute-set: flowtable-attrs 1498 fixed-header: nfgenmsg 1499 do: 1500 request: 1501 value: 0xa17 1502 attributes: 1503 - name 1504 reply: 1505 value: 0xa16 1506 attributes: 1507 - name 1508 - 1509 name: delflowtable 1510 doc: Delete an existing flow table. 1511 attribute-set: flowtable-attrs 1512 fixed-header: nfgenmsg 1513 do: 1514 request: 1515 value: 0xa18 1516 attributes: 1517 - name 1518 - 1519 name: destroyflowtable 1520 doc: Delete an existing flow table with destroy semantics. 1521 attribute-set: flowtable-attrs 1522 fixed-header: nfgenmsg 1523 do: 1524 request: 1525 value: 0xa20 1526 attributes: 1527 - name 1528 1529mcast-groups: 1530 list: 1531 - 1532 name: mgmt 1533