xref: /linux/Documentation/netlink/specs/nftables.yaml (revision 566ab427f827b0256d3e8ce0235d088e6a9c28bd)
1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
2
3name: nftables
4protocol: netlink-raw
5protonum: 12
6
7doc:
8  Netfilter nftables configuration over netlink.
9
10definitions:
11  -
12    name: nfgenmsg
13    type: struct
14    members:
15      -
16        name: nfgen-family
17        type: u8
18      -
19        name: version
20        type: u8
21      -
22        name: res-id
23        byte-order: big-endian
24        type: u16
25  -
26    name: meta-keys
27    type: enum
28    entries:
29      - len
30      - protocol
31      - priority
32      - mark
33      - iif
34      - oif
35      - iifname
36      - oifname
37      - iftype
38      - oiftype
39      - skuid
40      - skgid
41      - nftrace
42      - rtclassid
43      - secmark
44      - nfproto
45      - l4-proto
46      - bri-iifname
47      - bri-oifname
48      - pkttype
49      - cpu
50      - iifgroup
51      - oifgroup
52      - cgroup
53      - prandom
54      - secpath
55      - iifkind
56      - oifkind
57      - bri-iifpvid
58      - bri-iifvproto
59      - time-ns
60      - time-day
61      - time-hour
62      - sdif
63      - sdifname
64      - bri-broute
65  -
66    name: bitwise-ops
67    type: enum
68    entries:
69      - bool
70      - lshift
71      - rshift
72  -
73    name: cmp-ops
74    type: enum
75    entries:
76      - eq
77      - neq
78      - lt
79      - lte
80      - gt
81      - gte
82  -
83    name: object-type
84    type: enum
85    entries:
86      - unspec
87      - counter
88      - quota
89      - ct-helper
90      - limit
91      - connlimit
92      - tunnel
93      - ct-timeout
94      - secmark
95      - ct-expect
96      - synproxy
97  -
98    name: nat-range-flags
99    type: flags
100    entries:
101      - map-ips
102      - proto-specified
103      - proto-random
104      - persistent
105      - proto-random-fully
106      - proto-offset
107      - netmap
108  -
109    name: table-flags
110    type: flags
111    entries:
112      - dormant
113      - owner
114      - persist
115  -
116    name: chain-flags
117    type: flags
118    entries:
119      - base
120      - hw-offload
121      - binding
122  -
123    name: set-flags
124    type: flags
125    entries:
126      - anonymous
127      - constant
128      - interval
129      - map
130      - timeout
131      - eval
132      - object
133      - concat
134      - expr
135  -
136    name: lookup-flags
137    type: flags
138    entries:
139      - invert
140  -
141    name: ct-keys
142    type: enum
143    entries:
144      - state
145      - direction
146      - status
147      - mark
148      - secmark
149      - expiration
150      - helper
151      - l3protocol
152      - src
153      - dst
154      - protocol
155      - proto-src
156      - proto-dst
157      - labels
158      - pkts
159      - bytes
160      - avgpkt
161      - zone
162      - eventmask
163      - src-ip
164      - dst-ip
165      - src-ip6
166      - dst-ip6
167      - ct-id
168  -
169    name: ct-direction
170    type: enum
171    entries:
172      - original
173      - reply
174  -
175    name: quota-flags
176    type: flags
177    entries:
178      - invert
179      - depleted
180  -
181    name: verdict-code
182    type: enum
183    entries:
184      - name: continue
185        value: 0xffffffff
186      - name: break
187        value: 0xfffffffe
188      - name: jump
189        value: 0xfffffffd
190      - name: goto
191        value: 0xfffffffc
192      - name: return
193        value: 0xfffffffb
194      - name: drop
195        value: 0
196      - name: accept
197        value: 1
198      - name: stolen
199        value: 2
200      - name: queue
201        value: 3
202      - name: repeat
203        value: 4
204  -
205    name: fib-result
206    type: enum
207    entries:
208      - oif
209      - oifname
210      - addrtype
211  -
212    name: fib-flags
213    type: flags
214    entries:
215      - saddr
216      - daddr
217      - mark
218      - iif
219      - oif
220      - present
221  -
222    name: reject-types
223    type: enum
224    entries:
225      - icmp-unreach
226      - tcp-rst
227      - icmpx-unreach
228
229attribute-sets:
230  -
231    name: empty-attrs
232    attributes:
233      -
234        name: name
235        type: string
236  -
237    name: batch-attrs
238    attributes:
239      -
240        name: genid
241        type: u32
242        byte-order: big-endian
243  -
244    name: table-attrs
245    attributes:
246      -
247        name: name
248        type: string
249        doc: name of the table
250      -
251        name: flags
252        type: u32
253        byte-order: big-endian
254        doc: bitmask of flags
255        enum: table-flags
256        enum-as-flags: true
257      -
258        name: use
259        type: u32
260        byte-order: big-endian
261        doc: number of chains in this table
262      -
263        name: handle
264        type: u64
265        byte-order: big-endian
266        doc: numeric handle of the table
267      -
268        name: userdata
269        type: binary
270        doc: user data
271  -
272    name: chain-attrs
273    attributes:
274      -
275        name: table
276        type: string
277        doc: name of the table containing the chain
278      -
279        name: handle
280        type: u64
281        byte-order: big-endian
282        doc: numeric handle of the chain
283      -
284        name: name
285        type: string
286        doc: name of the chain
287      -
288        name: hook
289        type: nest
290        nested-attributes: nft-hook-attrs
291        doc: hook specification for basechains
292      -
293        name: policy
294        type: u32
295        byte-order: big-endian
296        doc: numeric policy of the chain
297      -
298        name: use
299        type: u32
300        byte-order: big-endian
301        doc: number of references to this chain
302      -
303        name: type
304        type: string
305        doc: type name of the chain
306      -
307        name: counters
308        type: nest
309        nested-attributes: nft-counter-attrs
310        doc: counter specification of the chain
311      -
312        name: flags
313        type: u32
314        byte-order: big-endian
315        doc: chain flags
316        enum: chain-flags
317        enum-as-flags: true
318      -
319        name: id
320        type: u32
321        byte-order: big-endian
322        doc: uniquely identifies a chain in a transaction
323      -
324        name: userdata
325        type: binary
326        doc: user data
327  -
328    name: counter-attrs
329    attributes:
330      -
331        name: bytes
332        type: u64
333        byte-order: big-endian
334      -
335        name: packets
336        type: u64
337        byte-order: big-endian
338      -
339        name: pad
340        type: pad
341  -
342    name: nft-hook-attrs
343    attributes:
344      -
345        name: num
346        type: u32
347        byte-order: big-endian
348      -
349        name: priority
350        type: s32
351        byte-order: big-endian
352      -
353        name: dev
354        type: string
355        doc: net device name
356      -
357        name: devs
358        type: nest
359        nested-attributes: hook-dev-attrs
360        doc: list of net devices
361  -
362    name: hook-dev-attrs
363    attributes:
364      -
365        name: name
366        type: string
367        multi-attr: true
368  -
369    name: nft-counter-attrs
370    attributes:
371      -
372        name: bytes
373        type: u64
374      -
375        name: packets
376        type: u64
377  -
378    name: rule-attrs
379    attributes:
380      -
381        name: table
382        type: string
383        doc: name of the table containing the rule
384      -
385        name: chain
386        type: string
387        doc: name of the chain containing the rule
388      -
389        name: handle
390        type: u64
391        byte-order: big-endian
392        doc: numeric handle of the rule
393      -
394        name: expressions
395        type: nest
396        nested-attributes: expr-list-attrs
397        doc: list of expressions
398      -
399        name: compat
400        type: nest
401        nested-attributes: rule-compat-attrs
402        doc: compatibility specifications of the rule
403      -
404        name: position
405        type: u64
406        byte-order: big-endian
407        doc: numeric handle of the previous rule
408      -
409        name: userdata
410        type: binary
411        doc: user data
412      -
413        name: id
414        type: u32
415        doc: uniquely identifies a rule in a transaction
416      -
417        name: position-id
418        type: u32
419        doc: transaction unique identifier of the previous rule
420      -
421        name: chain-id
422        type: u32
423        doc: add the rule to chain by ID, alternative to chain name
424  -
425    name: expr-list-attrs
426    attributes:
427      -
428        name: elem
429        type: nest
430        nested-attributes: expr-attrs
431        multi-attr: true
432  -
433    name: expr-attrs
434    attributes:
435      -
436        name: name
437        type: string
438        doc: name of the expression type
439      -
440        name: data
441        type: sub-message
442        sub-message: expr-ops
443        selector: name
444        doc: type specific data
445  -
446    name: rule-compat-attrs
447    attributes:
448      -
449        name: proto
450        type: binary
451        doc: numeric value of the handled protocol
452      -
453        name: flags
454        type: binary
455        doc: bitmask of flags
456  -
457    name: set-attrs
458    attributes:
459      -
460        name: table
461        type: string
462        doc: table name
463      -
464        name: name
465        type: string
466        doc: set name
467      -
468        name: flags
469        type: u32
470        enum: set-flags
471        byte-order: big-endian
472        doc: bitmask of enum nft_set_flags
473      -
474        name: key-type
475        type: u32
476        byte-order: big-endian
477        doc: key data type, informational purpose only
478      -
479        name: key-len
480        type: u32
481        byte-order: big-endian
482        doc: key data length
483      -
484        name: data-type
485        type: u32
486        byte-order: big-endian
487        doc: mapping data type
488      -
489        name: data-len
490        type: u32
491        byte-order: big-endian
492        doc: mapping data length
493      -
494        name: policy
495        type: u32
496        byte-order: big-endian
497        doc: selection policy
498      -
499        name: desc
500        type: nest
501        nested-attributes: set-desc-attrs
502        doc: set description
503      -
504        name: id
505        type: u32
506        doc: uniquely identifies a set in a transaction
507      -
508        name: timeout
509        type: u64
510        doc: default timeout value
511      -
512        name: gc-interval
513        type: u32
514        doc: garbage collection interval
515      -
516        name: userdata
517        type: binary
518        doc: user data
519      -
520        name: pad
521        type: pad
522      -
523        name: obj-type
524        type: u32
525        byte-order: big-endian
526        doc: stateful object type
527      -
528        name: handle
529        type: u64
530        byte-order: big-endian
531        doc: set handle
532      -
533        name: expr
534        type: nest
535        nested-attributes: expr-attrs
536        doc: set expression
537        multi-attr: true
538      -
539        name: expressions
540        type: nest
541        nested-attributes: set-list-attrs
542        doc: list of expressions
543  -
544    name: set-desc-attrs
545    attributes:
546      -
547        name: size
548        type: u32
549        byte-order: big-endian
550        doc: number of elements in set
551      -
552        name: concat
553        type: nest
554        nested-attributes: set-desc-concat-attrs
555        doc: description of field concatenation
556        multi-attr: true
557  -
558    name: set-desc-concat-attrs
559    attributes:
560      -
561        name: elem
562        type: nest
563        nested-attributes: set-field-attrs
564  -
565    name: set-field-attrs
566    attributes:
567      -
568        name: len
569        type: u32
570        byte-order: big-endian
571  -
572    name: set-list-attrs
573    attributes:
574      -
575        name: elem
576        type: nest
577        nested-attributes: expr-attrs
578        multi-attr: true
579  -
580    name: setelem-attrs
581    attributes:
582      -
583        name: key
584        type: nest
585        nested-attributes: data-attrs
586        doc: key value
587      -
588        name: data
589        type: nest
590        nested-attributes: data-attrs
591        doc: data value of mapping
592      -
593        name: flags
594        type: binary
595        doc: bitmask of nft_set_elem_flags
596      -
597        name: timeout
598        type: u64
599        doc: timeout value
600      -
601        name: expiration
602        type: u64
603        doc: expiration time
604      -
605        name: userdata
606        type: binary
607        doc: user data
608      -
609        name: expr
610        type: nest
611        nested-attributes: expr-attrs
612        doc: expression
613      -
614        name: objref
615        type: string
616        doc: stateful object reference
617      -
618        name: key-end
619        type: nest
620        nested-attributes: data-attrs
621        doc: closing key value
622      -
623        name: expressions
624        type: nest
625        nested-attributes: expr-list-attrs
626        doc: list of expressions
627  -
628    name: setelem-list-elem-attrs
629    attributes:
630      -
631        name: elem
632        type: nest
633        nested-attributes: setelem-attrs
634        multi-attr: true
635  -
636    name: setelem-list-attrs
637    attributes:
638      -
639        name: table
640        type: string
641      -
642        name: set
643        type: string
644      -
645        name: elements
646        type: nest
647        nested-attributes: setelem-list-elem-attrs
648      -
649        name: set-id
650        type: u32
651  -
652    name: gen-attrs
653    attributes:
654      -
655        name: id
656        type: u32
657        byte-order: big-endian
658        doc: ruleset generation id
659      -
660        name: proc-pid
661        type: u32
662        byte-order: big-endian
663      -
664        name: proc-name
665        type: string
666  -
667    name: obj-attrs
668    attributes:
669      -
670        name: table
671        type: string
672        doc: name of the table containing the expression
673      -
674        name: name
675        type: string
676        doc: name of this expression type
677      -
678        name: type
679        type: u32
680        enum: object-type
681        byte-order: big-endian
682        doc: stateful object type
683      -
684        name: data
685        type: sub-message
686        sub-message: obj-data
687        selector: type
688        doc: stateful object data
689      -
690        name: use
691        type: u32
692        byte-order: big-endian
693        doc: number of references to this expression
694      -
695        name: handle
696        type: u64
697        byte-order: big-endian
698        doc: object handle
699      -
700        name: pad
701        type: pad
702      -
703        name: userdata
704        type: binary
705        doc: user data
706  -
707    name: quota-attrs
708    attributes:
709      -
710        name: bytes
711        type: u64
712        byte-order: big-endian
713      -
714        name: flags
715        type: u32
716        byte-order: big-endian
717        enum: quota-flags
718      -
719        name: pad
720        type: pad
721      -
722        name: consumed
723        type: u64
724        byte-order: big-endian
725  -
726    name: flowtable-attrs
727    attributes:
728      -
729        name: table
730        type: string
731      -
732        name: name
733        type: string
734      -
735        name: hook
736        type: nest
737        nested-attributes: flowtable-hook-attrs
738      -
739        name: use
740        type: u32
741        byte-order: big-endian
742      -
743        name: handle
744        type: u64
745        byte-order: big-endian
746      -
747        name: pad
748        type: pad
749      -
750        name: flags
751        type: u32
752        byte-order: big-endian
753  -
754    name: flowtable-hook-attrs
755    attributes:
756      -
757        name: num
758        type: u32
759        byte-order: big-endian
760      -
761        name: priority
762        type: u32
763        byte-order: big-endian
764      -
765        name: devs
766        type: nest
767        nested-attributes: hook-dev-attrs
768  -
769    name: expr-bitwise-attrs
770    attributes:
771      -
772        name: sreg
773        type: u32
774        byte-order: big-endian
775      -
776        name: dreg
777        type: u32
778        byte-order: big-endian
779      -
780        name: len
781        type: u32
782        byte-order: big-endian
783      -
784        name: mask
785        type: nest
786        nested-attributes: data-attrs
787      -
788        name: xor
789        type: nest
790        nested-attributes: data-attrs
791      -
792        name: op
793        type: u32
794        byte-order: big-endian
795        enum: bitwise-ops
796      -
797        name: data
798        type: nest
799        nested-attributes: data-attrs
800  -
801    name: expr-cmp-attrs
802    attributes:
803      -
804        name: sreg
805        type: u32
806        byte-order: big-endian
807      -
808        name: op
809        type: u32
810        byte-order: big-endian
811        enum: cmp-ops
812      -
813        name: data
814        type: nest
815        nested-attributes: data-attrs
816  -
817    name: data-attrs
818    attributes:
819      -
820        name: value
821        type: binary
822        # sub-type: u8
823      -
824        name: verdict
825        type: nest
826        nested-attributes: verdict-attrs
827  -
828    name: verdict-attrs
829    attributes:
830      -
831        name: code
832        type: u32
833        byte-order: big-endian
834        enum: verdict-code
835      -
836        name: chain
837        type: string
838      -
839        name: chain-id
840        type: u32
841  -
842    name: expr-counter-attrs
843    attributes:
844      -
845        name: bytes
846        type: u64
847        doc: Number of bytes
848      -
849        name: packets
850        type: u64
851        doc: Number of packets
852      -
853        name: pad
854        type: pad
855  -
856    name: expr-fib-attrs
857    attributes:
858      -
859        name: dreg
860        type: u32
861        byte-order: big-endian
862      -
863        name: result
864        type: u32
865        byte-order: big-endian
866        enum: fib-result
867      -
868        name: flags
869        type: u32
870        byte-order: big-endian
871        enum: fib-flags
872  -
873    name: expr-ct-attrs
874    attributes:
875      -
876        name: dreg
877        type: u32
878        byte-order: big-endian
879      -
880        name: key
881        type: u32
882        byte-order: big-endian
883        enum: ct-keys
884      -
885        name: direction
886        type: u8
887        enum: ct-direction
888      -
889        name: sreg
890        type: u32
891        byte-order: big-endian
892  -
893    name: expr-flow-offload-attrs
894    attributes:
895      -
896        name: name
897        type: string
898        doc: Flow offload table name
899  -
900    name: expr-immediate-attrs
901    attributes:
902      -
903        name: dreg
904        type: u32
905        byte-order: big-endian
906      -
907        name: data
908        type: nest
909        nested-attributes: data-attrs
910  -
911    name: expr-lookup-attrs
912    attributes:
913      -
914        name: set
915        type: string
916        doc: Name of set to use
917      -
918        name: set id
919        type: u32
920        byte-order: big-endian
921        doc: ID of set to use
922      -
923        name: sreg
924        type: u32
925        byte-order: big-endian
926      -
927        name: dreg
928        type: u32
929        byte-order: big-endian
930      -
931        name: flags
932        type: u32
933        byte-order: big-endian
934        enum: lookup-flags
935  -
936    name: expr-meta-attrs
937    attributes:
938      -
939        name: dreg
940        type: u32
941        byte-order: big-endian
942      -
943        name: key
944        type: u32
945        byte-order: big-endian
946        enum: meta-keys
947      -
948        name: sreg
949        type: u32
950        byte-order: big-endian
951  -
952    name: expr-nat-attrs
953    attributes:
954      -
955        name: type
956        type: u32
957        byte-order: big-endian
958      -
959        name: family
960        type: u32
961        byte-order: big-endian
962      -
963        name: reg-addr-min
964        type: u32
965        byte-order: big-endian
966      -
967        name: reg-addr-max
968        type: u32
969        byte-order: big-endian
970      -
971        name: reg-proto-min
972        type: u32
973        byte-order: big-endian
974      -
975        name: reg-proto-max
976        type: u32
977        byte-order: big-endian
978      -
979        name: flags
980        type: u32
981        byte-order: big-endian
982        enum: nat-range-flags
983        enum-as-flags: true
984  -
985    name: expr-payload-attrs
986    attributes:
987      -
988        name: dreg
989        type: u32
990        byte-order: big-endian
991      -
992        name: base
993        type: u32
994        byte-order: big-endian
995      -
996        name: offset
997        type: u32
998        byte-order: big-endian
999      -
1000        name: len
1001        type: u32
1002        byte-order: big-endian
1003      -
1004        name: sreg
1005        type: u32
1006        byte-order: big-endian
1007      -
1008        name: csum-type
1009        type: u32
1010        byte-order: big-endian
1011      -
1012        name: csum-offset
1013        type: u32
1014        byte-order: big-endian
1015      -
1016        name: csum-flags
1017        type: u32
1018        byte-order: big-endian
1019  -
1020    name: expr-reject-attrs
1021    attributes:
1022      -
1023        name: type
1024        type: u32
1025        byte-order: big-endian
1026        enum: reject-types
1027      -
1028        name: icmp-code
1029        type: u8
1030  -
1031    name: expr-target-attrs
1032    attributes:
1033      -
1034        name: name
1035        type: string
1036      -
1037        name: rev
1038        type: u32
1039        byte-order: big-endian
1040      -
1041        name: info
1042        type: binary
1043  -
1044    name: expr-tproxy-attrs
1045    attributes:
1046      -
1047        name: family
1048        type: u32
1049        byte-order: big-endian
1050      -
1051        name: reg-addr
1052        type: u32
1053        byte-order: big-endian
1054      -
1055        name: reg-port
1056        type: u32
1057        byte-order: big-endian
1058  -
1059    name: expr-objref-attrs
1060    attributes:
1061      -
1062        name: imm-type
1063        type: u32
1064        byte-order: big-endian
1065      -
1066        name: imm-name
1067        type: string
1068        doc: object name
1069      -
1070        name: set-sreg
1071        type: u32
1072        byte-order: big-endian
1073      -
1074        name: set-name
1075        type: string
1076        doc: name of object map
1077      -
1078        name: set-id
1079        type: u32
1080        byte-order: big-endian
1081        doc: id of object map
1082
1083sub-messages:
1084  -
1085    name: expr-ops
1086    formats:
1087      -
1088        value: bitwise
1089        attribute-set: expr-bitwise-attrs
1090      -
1091        value: cmp
1092        attribute-set: expr-cmp-attrs
1093      -
1094        value: counter
1095        attribute-set: expr-counter-attrs
1096      -
1097        value: ct
1098        attribute-set: expr-ct-attrs
1099      -
1100        value: fib
1101        attribute-set: expr-fib-attrs
1102      -
1103        value: flow_offload
1104        attribute-set: expr-flow-offload-attrs
1105      -
1106        value: immediate
1107        attribute-set: expr-immediate-attrs
1108      -
1109        value: lookup
1110        attribute-set: expr-lookup-attrs
1111      -
1112        value: meta
1113        attribute-set: expr-meta-attrs
1114      -
1115        value: nat
1116        attribute-set: expr-nat-attrs
1117      -
1118        value: objref
1119        attribute-set: expr-objref-attrs
1120      -
1121        value: payload
1122        attribute-set: expr-payload-attrs
1123      -
1124        value: quota
1125        attribute-set: quota-attrs
1126      -
1127        value: reject
1128        attribute-set: expr-reject-attrs
1129      -
1130        value: target
1131        attribute-set: expr-target-attrs
1132      -
1133        value: tproxy
1134        attribute-set: expr-tproxy-attrs
1135  -
1136    name: obj-data
1137    formats:
1138      -
1139        value: counter
1140        attribute-set: counter-attrs
1141      -
1142        value: quota
1143        attribute-set: quota-attrs
1144
1145operations:
1146  enum-model: directional
1147  list:
1148    -
1149      name: batch-begin
1150      doc: Start a batch of operations
1151      attribute-set: batch-attrs
1152      fixed-header: nfgenmsg
1153      do:
1154        request:
1155          value: 0x10
1156          attributes:
1157            - genid
1158        reply:
1159          value: 0x10
1160          attributes:
1161            - genid
1162    -
1163      name: batch-end
1164      doc: Finish a batch of operations
1165      attribute-set: batch-attrs
1166      fixed-header: nfgenmsg
1167      do:
1168        request:
1169          value: 0x11
1170          attributes:
1171            - genid
1172    -
1173      name: newtable
1174      doc: Create a new table.
1175      attribute-set: table-attrs
1176      fixed-header: nfgenmsg
1177      do:
1178        request:
1179          value: 0xa00
1180          attributes:
1181            - name
1182    -
1183      name: gettable
1184      doc: Get / dump tables.
1185      attribute-set: table-attrs
1186      fixed-header: nfgenmsg
1187      do:
1188        request:
1189          value: 0xa01
1190          attributes:
1191            - name
1192        reply:
1193          value: 0xa00
1194          attributes:
1195            - name
1196    -
1197      name: deltable
1198      doc: Delete an existing table.
1199      attribute-set: table-attrs
1200      fixed-header: nfgenmsg
1201      do:
1202        request:
1203          value: 0xa02
1204          attributes:
1205            - name
1206    -
1207      name: destroytable
1208      doc: Delete an existing table with destroy semantics (ignoring ENOENT errors).
1209      attribute-set: table-attrs
1210      fixed-header: nfgenmsg
1211      do:
1212        request:
1213          value: 0xa1a
1214          attributes:
1215            - name
1216    -
1217      name: newchain
1218      doc: Create a new chain.
1219      attribute-set: chain-attrs
1220      fixed-header: nfgenmsg
1221      do:
1222        request:
1223          value: 0xa03
1224          attributes:
1225            - name
1226    -
1227      name: getchain
1228      doc: Get / dump chains.
1229      attribute-set: chain-attrs
1230      fixed-header: nfgenmsg
1231      do:
1232        request:
1233          value: 0xa04
1234          attributes:
1235            - name
1236        reply:
1237          value: 0xa03
1238          attributes:
1239            - name
1240    -
1241      name: delchain
1242      doc: Delete an existing chain.
1243      attribute-set: chain-attrs
1244      fixed-header: nfgenmsg
1245      do:
1246        request:
1247          value: 0xa05
1248          attributes:
1249            - name
1250    -
1251      name: destroychain
1252      doc: Delete an existing chain with destroy semantics (ignoring ENOENT errors).
1253      attribute-set: chain-attrs
1254      fixed-header: nfgenmsg
1255      do:
1256        request:
1257          value: 0xa1b
1258          attributes:
1259            - name
1260    -
1261      name: newrule
1262      doc: Create a new rule.
1263      attribute-set: rule-attrs
1264      fixed-header: nfgenmsg
1265      do:
1266        request:
1267          value: 0xa06
1268          attributes:
1269            - name
1270    -
1271      name: getrule
1272      doc: Get / dump rules.
1273      attribute-set: rule-attrs
1274      fixed-header: nfgenmsg
1275      do:
1276        request:
1277          value: 0xa07
1278          attributes:
1279            - name
1280        reply:
1281          value: 0xa06
1282          attributes:
1283            - name
1284    -
1285      name: getrule-reset
1286      doc: Get / dump rules and reset stateful expressions.
1287      attribute-set: rule-attrs
1288      fixed-header: nfgenmsg
1289      do:
1290        request:
1291          value: 0xa19
1292          attributes:
1293            - name
1294        reply:
1295          value: 0xa06
1296          attributes:
1297            - name
1298    -
1299      name: delrule
1300      doc: Delete an existing rule.
1301      attribute-set: rule-attrs
1302      fixed-header: nfgenmsg
1303      do:
1304        request:
1305          value: 0xa08
1306          attributes:
1307            - name
1308    -
1309      name: destroyrule
1310      doc: Delete an existing rule with destroy semantics (ignoring ENOENT errors).
1311      attribute-set: rule-attrs
1312      fixed-header: nfgenmsg
1313      do:
1314        request:
1315          value: 0xa1c
1316          attributes:
1317            - name
1318    -
1319      name: newset
1320      doc: Create a new set.
1321      attribute-set: set-attrs
1322      fixed-header: nfgenmsg
1323      do:
1324        request:
1325          value: 0xa09
1326          attributes:
1327            - name
1328    -
1329      name: getset
1330      doc: Get / dump sets.
1331      attribute-set: set-attrs
1332      fixed-header: nfgenmsg
1333      do:
1334        request:
1335          value: 0xa0a
1336          attributes:
1337            - name
1338        reply:
1339          value: 0xa09
1340          attributes:
1341            - name
1342    -
1343      name: delset
1344      doc: Delete an existing set.
1345      attribute-set: set-attrs
1346      fixed-header: nfgenmsg
1347      do:
1348        request:
1349          value: 0xa0b
1350          attributes:
1351            - name
1352    -
1353      name: destroyset
1354      doc: Delete an existing set with destroy semantics (ignoring ENOENT errors).
1355      attribute-set: set-attrs
1356      fixed-header: nfgenmsg
1357      do:
1358        request:
1359          value: 0xa1d
1360          attributes:
1361            - name
1362    -
1363      name: newsetelem
1364      doc: Create a new set element.
1365      attribute-set: setelem-list-attrs
1366      fixed-header: nfgenmsg
1367      do:
1368        request:
1369          value: 0xa0c
1370          attributes:
1371            - name
1372    -
1373      name: getsetelem
1374      doc: Get / dump set elements.
1375      attribute-set: setelem-list-attrs
1376      fixed-header: nfgenmsg
1377      do:
1378        request:
1379          value: 0xa0d
1380          attributes:
1381            - name
1382        reply:
1383          value: 0xa0c
1384          attributes:
1385            - name
1386    -
1387      name: getsetelem-reset
1388      doc: Get / dump set elements and reset stateful expressions.
1389      attribute-set: setelem-list-attrs
1390      fixed-header: nfgenmsg
1391      do:
1392        request:
1393          value: 0xa21
1394          attributes:
1395            - name
1396        reply:
1397          value: 0xa0c
1398          attributes:
1399            - name
1400    -
1401      name: delsetelem
1402      doc: Delete an existing set element.
1403      attribute-set: setelem-list-attrs
1404      fixed-header: nfgenmsg
1405      do:
1406        request:
1407          value: 0xa0e
1408          attributes:
1409            - name
1410    -
1411      name: destroysetelem
1412      doc: Delete an existing set element with destroy semantics.
1413      attribute-set: setelem-list-attrs
1414      fixed-header: nfgenmsg
1415      do:
1416        request:
1417          value: 0xa1e
1418          attributes:
1419            - name
1420    -
1421      name: getgen
1422      doc: Get / dump rule-set generation.
1423      attribute-set: gen-attrs
1424      fixed-header: nfgenmsg
1425      do:
1426        request:
1427          value: 0xa10
1428          attributes:
1429            - name
1430        reply:
1431          value: 0xa0f
1432          attributes:
1433            - name
1434    -
1435      name: newobj
1436      doc: Create a new stateful object.
1437      attribute-set: obj-attrs
1438      fixed-header: nfgenmsg
1439      do:
1440        request:
1441          value: 0xa12
1442          attributes:
1443            - name
1444    -
1445      name: getobj
1446      doc: Get / dump stateful objects.
1447      attribute-set: obj-attrs
1448      fixed-header: nfgenmsg
1449      do:
1450        request:
1451          value: 0xa13
1452          attributes:
1453            - name
1454        reply:
1455          value: 0xa12
1456          attributes:
1457            - name
1458    -
1459      name: delobj
1460      doc: Delete an existing stateful object.
1461      attribute-set: obj-attrs
1462      fixed-header: nfgenmsg
1463      do:
1464        request:
1465          value: 0xa14
1466          attributes:
1467            - name
1468    -
1469      name: destroyobj
1470      doc: Delete an existing stateful object with destroy semantics.
1471      attribute-set: obj-attrs
1472      fixed-header: nfgenmsg
1473      do:
1474        request:
1475          value: 0xa1f
1476          attributes:
1477            - name
1478    -
1479      name: newflowtable
1480      doc: Create a new flow table.
1481      attribute-set: flowtable-attrs
1482      fixed-header: nfgenmsg
1483      do:
1484        request:
1485          value: 0xa16
1486          attributes:
1487            - name
1488    -
1489      name: getflowtable
1490      doc: Get / dump flow tables.
1491      attribute-set: flowtable-attrs
1492      fixed-header: nfgenmsg
1493      do:
1494        request:
1495          value: 0xa17
1496          attributes:
1497            - name
1498        reply:
1499          value: 0xa16
1500          attributes:
1501            - name
1502    -
1503      name: delflowtable
1504      doc: Delete an existing flow table.
1505      attribute-set: flowtable-attrs
1506      fixed-header: nfgenmsg
1507      do:
1508        request:
1509          value: 0xa18
1510          attributes:
1511            - name
1512    -
1513      name: destroyflowtable
1514      doc: Delete an existing flow table with destroy semantics.
1515      attribute-set: flowtable-attrs
1516      fixed-header: nfgenmsg
1517      do:
1518        request:
1519          value: 0xa20
1520          attributes:
1521            - name
1522
1523mcast-groups:
1524  list:
1525    -
1526      name: mgmt
1527