1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 2 3name: nftables 4protocol: netlink-raw 5protonum: 12 6 7doc: 8 Netfilter nftables configuration over netlink. 9 10definitions: 11 - 12 name: nfgenmsg 13 type: struct 14 members: 15 - 16 name: nfgen-family 17 type: u8 18 - 19 name: version 20 type: u8 21 - 22 name: res-id 23 byte-order: big-endian 24 type: u16 25 - 26 name: meta-keys 27 type: enum 28 entries: 29 - len 30 - protocol 31 - priority 32 - mark 33 - iif 34 - oif 35 - iifname 36 - oifname 37 - iftype 38 - oiftype 39 - skuid 40 - skgid 41 - nftrace 42 - rtclassid 43 - secmark 44 - nfproto 45 - l4-proto 46 - bri-iifname 47 - bri-oifname 48 - pkttype 49 - cpu 50 - iifgroup 51 - oifgroup 52 - cgroup 53 - prandom 54 - secpath 55 - iifkind 56 - oifkind 57 - bri-iifpvid 58 - bri-iifvproto 59 - time-ns 60 - time-day 61 - time-hour 62 - sdif 63 - sdifname 64 - bri-broute 65 - 66 name: bitwise-ops 67 type: enum 68 entries: 69 - bool 70 - lshift 71 - rshift 72 - 73 name: cmp-ops 74 type: enum 75 entries: 76 - eq 77 - neq 78 - lt 79 - lte 80 - gt 81 - gte 82 - 83 name: object-type 84 type: enum 85 entries: 86 - unspec 87 - counter 88 - quota 89 - ct-helper 90 - limit 91 - connlimit 92 - tunnel 93 - ct-timeout 94 - secmark 95 - ct-expect 96 - synproxy 97 - 98 name: nat-range-flags 99 type: flags 100 entries: 101 - map-ips 102 - proto-specified 103 - proto-random 104 - persistent 105 - proto-random-fully 106 - proto-offset 107 - netmap 108 - 109 name: table-flags 110 type: flags 111 entries: 112 - dormant 113 - owner 114 - persist 115 - 116 name: chain-flags 117 type: flags 118 entries: 119 - base 120 - hw-offload 121 - binding 122 - 123 name: set-flags 124 type: flags 125 entries: 126 - anonymous 127 - constant 128 - interval 129 - map 130 - timeout 131 - eval 132 - object 133 - concat 134 - expr 135 - 136 name: lookup-flags 137 type: flags 138 entries: 139 - invert 140 - 141 name: ct-keys 142 type: enum 143 entries: 144 - state 145 - direction 146 - status 147 - mark 148 - secmark 149 - expiration 150 - helper 151 - l3protocol 152 - src 153 - dst 154 - protocol 155 - proto-src 156 - proto-dst 157 - labels 158 - pkts 159 - bytes 160 - avgpkt 161 - zone 162 - eventmask 163 - src-ip 164 - dst-ip 165 - src-ip6 166 - dst-ip6 167 - ct-id 168 - 169 name: ct-direction 170 type: enum 171 entries: 172 - original 173 - reply 174 - 175 name: quota-flags 176 type: flags 177 entries: 178 - invert 179 - depleted 180 - 181 name: verdict-code 182 type: enum 183 entries: 184 - name: continue 185 value: 0xffffffff 186 - name: break 187 value: 0xfffffffe 188 - name: jump 189 value: 0xfffffffd 190 - name: goto 191 value: 0xfffffffc 192 - name: return 193 value: 0xfffffffb 194 - name: drop 195 value: 0 196 - name: accept 197 value: 1 198 - name: stolen 199 value: 2 200 - name: queue 201 value: 3 202 - name: repeat 203 value: 4 204 - 205 name: fib-result 206 type: enum 207 entries: 208 - oif 209 - oifname 210 - addrtype 211 - 212 name: fib-flags 213 type: flags 214 entries: 215 - saddr 216 - daddr 217 - mark 218 - iif 219 - oif 220 - present 221 - 222 name: reject-types 223 type: enum 224 entries: 225 - icmp-unreach 226 - tcp-rst 227 - icmpx-unreach 228 229attribute-sets: 230 - 231 name: empty-attrs 232 attributes: 233 - 234 name: name 235 type: string 236 - 237 name: batch-attrs 238 attributes: 239 - 240 name: genid 241 type: u32 242 byte-order: big-endian 243 - 244 name: table-attrs 245 attributes: 246 - 247 name: name 248 type: string 249 doc: name of the table 250 - 251 name: flags 252 type: u32 253 byte-order: big-endian 254 doc: bitmask of flags 255 enum: table-flags 256 enum-as-flags: true 257 - 258 name: use 259 type: u32 260 byte-order: big-endian 261 doc: number of chains in this table 262 - 263 name: handle 264 type: u64 265 byte-order: big-endian 266 doc: numeric handle of the table 267 - 268 name: userdata 269 type: binary 270 doc: user data 271 - 272 name: chain-attrs 273 attributes: 274 - 275 name: table 276 type: string 277 doc: name of the table containing the chain 278 - 279 name: handle 280 type: u64 281 byte-order: big-endian 282 doc: numeric handle of the chain 283 - 284 name: name 285 type: string 286 doc: name of the chain 287 - 288 name: hook 289 type: nest 290 nested-attributes: nft-hook-attrs 291 doc: hook specification for basechains 292 - 293 name: policy 294 type: u32 295 byte-order: big-endian 296 doc: numeric policy of the chain 297 - 298 name: use 299 type: u32 300 byte-order: big-endian 301 doc: number of references to this chain 302 - 303 name: type 304 type: string 305 doc: type name of the chain 306 - 307 name: counters 308 type: nest 309 nested-attributes: nft-counter-attrs 310 doc: counter specification of the chain 311 - 312 name: flags 313 type: u32 314 byte-order: big-endian 315 doc: chain flags 316 enum: chain-flags 317 enum-as-flags: true 318 - 319 name: id 320 type: u32 321 byte-order: big-endian 322 doc: uniquely identifies a chain in a transaction 323 - 324 name: userdata 325 type: binary 326 doc: user data 327 - 328 name: counter-attrs 329 attributes: 330 - 331 name: bytes 332 type: u64 333 byte-order: big-endian 334 - 335 name: packets 336 type: u64 337 byte-order: big-endian 338 - 339 name: pad 340 type: pad 341 - 342 name: nft-hook-attrs 343 attributes: 344 - 345 name: num 346 type: u32 347 byte-order: big-endian 348 - 349 name: priority 350 type: s32 351 byte-order: big-endian 352 - 353 name: dev 354 type: string 355 doc: net device name 356 - 357 name: devs 358 type: nest 359 nested-attributes: hook-dev-attrs 360 doc: list of net devices 361 - 362 name: hook-dev-attrs 363 attributes: 364 - 365 name: name 366 type: string 367 multi-attr: true 368 - 369 name: nft-counter-attrs 370 attributes: 371 - 372 name: bytes 373 type: u64 374 - 375 name: packets 376 type: u64 377 - 378 name: rule-attrs 379 attributes: 380 - 381 name: table 382 type: string 383 doc: name of the table containing the rule 384 - 385 name: chain 386 type: string 387 doc: name of the chain containing the rule 388 - 389 name: handle 390 type: u64 391 byte-order: big-endian 392 doc: numeric handle of the rule 393 - 394 name: expressions 395 type: nest 396 nested-attributes: expr-list-attrs 397 doc: list of expressions 398 - 399 name: compat 400 type: nest 401 nested-attributes: rule-compat-attrs 402 doc: compatibility specifications of the rule 403 - 404 name: position 405 type: u64 406 byte-order: big-endian 407 doc: numeric handle of the previous rule 408 - 409 name: userdata 410 type: binary 411 doc: user data 412 - 413 name: id 414 type: u32 415 doc: uniquely identifies a rule in a transaction 416 - 417 name: position-id 418 type: u32 419 doc: transaction unique identifier of the previous rule 420 - 421 name: chain-id 422 type: u32 423 doc: add the rule to chain by ID, alternative to chain name 424 - 425 name: expr-list-attrs 426 attributes: 427 - 428 name: elem 429 type: nest 430 nested-attributes: expr-attrs 431 multi-attr: true 432 - 433 name: expr-attrs 434 attributes: 435 - 436 name: name 437 type: string 438 doc: name of the expression type 439 - 440 name: data 441 type: sub-message 442 sub-message: expr-ops 443 selector: name 444 doc: type specific data 445 - 446 name: rule-compat-attrs 447 attributes: 448 - 449 name: proto 450 type: binary 451 doc: numeric value of the handled protocol 452 - 453 name: flags 454 type: binary 455 doc: bitmask of flags 456 - 457 name: set-attrs 458 attributes: 459 - 460 name: table 461 type: string 462 doc: table name 463 - 464 name: name 465 type: string 466 doc: set name 467 - 468 name: flags 469 type: u32 470 enum: set-flags 471 byte-order: big-endian 472 doc: bitmask of enum nft_set_flags 473 - 474 name: key-type 475 type: u32 476 byte-order: big-endian 477 doc: key data type, informational purpose only 478 - 479 name: key-len 480 type: u32 481 byte-order: big-endian 482 doc: key data length 483 - 484 name: data-type 485 type: u32 486 byte-order: big-endian 487 doc: mapping data type 488 - 489 name: data-len 490 type: u32 491 byte-order: big-endian 492 doc: mapping data length 493 - 494 name: policy 495 type: u32 496 byte-order: big-endian 497 doc: selection policy 498 - 499 name: desc 500 type: nest 501 nested-attributes: set-desc-attrs 502 doc: set description 503 - 504 name: id 505 type: u32 506 doc: uniquely identifies a set in a transaction 507 - 508 name: timeout 509 type: u64 510 doc: default timeout value 511 - 512 name: gc-interval 513 type: u32 514 doc: garbage collection interval 515 - 516 name: userdata 517 type: binary 518 doc: user data 519 - 520 name: pad 521 type: pad 522 - 523 name: obj-type 524 type: u32 525 byte-order: big-endian 526 doc: stateful object type 527 - 528 name: handle 529 type: u64 530 byte-order: big-endian 531 doc: set handle 532 - 533 name: expr 534 type: nest 535 nested-attributes: expr-attrs 536 doc: set expression 537 multi-attr: true 538 - 539 name: expressions 540 type: nest 541 nested-attributes: set-list-attrs 542 doc: list of expressions 543 - 544 name: set-desc-attrs 545 attributes: 546 - 547 name: size 548 type: u32 549 byte-order: big-endian 550 doc: number of elements in set 551 - 552 name: concat 553 type: nest 554 nested-attributes: set-desc-concat-attrs 555 doc: description of field concatenation 556 multi-attr: true 557 - 558 name: set-desc-concat-attrs 559 attributes: 560 - 561 name: elem 562 type: nest 563 nested-attributes: set-field-attrs 564 - 565 name: set-field-attrs 566 attributes: 567 - 568 name: len 569 type: u32 570 byte-order: big-endian 571 - 572 name: set-list-attrs 573 attributes: 574 - 575 name: elem 576 type: nest 577 nested-attributes: expr-attrs 578 multi-attr: true 579 - 580 name: setelem-attrs 581 attributes: 582 - 583 name: key 584 type: nest 585 nested-attributes: data-attrs 586 doc: key value 587 - 588 name: data 589 type: nest 590 nested-attributes: data-attrs 591 doc: data value of mapping 592 - 593 name: flags 594 type: binary 595 doc: bitmask of nft_set_elem_flags 596 - 597 name: timeout 598 type: u64 599 doc: timeout value 600 - 601 name: expiration 602 type: u64 603 doc: expiration time 604 - 605 name: userdata 606 type: binary 607 doc: user data 608 - 609 name: expr 610 type: nest 611 nested-attributes: expr-attrs 612 doc: expression 613 - 614 name: objref 615 type: string 616 doc: stateful object reference 617 - 618 name: key-end 619 type: nest 620 nested-attributes: data-attrs 621 doc: closing key value 622 - 623 name: expressions 624 type: nest 625 nested-attributes: expr-list-attrs 626 doc: list of expressions 627 - 628 name: setelem-list-elem-attrs 629 attributes: 630 - 631 name: elem 632 type: nest 633 nested-attributes: setelem-attrs 634 multi-attr: true 635 - 636 name: setelem-list-attrs 637 attributes: 638 - 639 name: table 640 type: string 641 - 642 name: set 643 type: string 644 - 645 name: elements 646 type: nest 647 nested-attributes: setelem-list-elem-attrs 648 - 649 name: set-id 650 type: u32 651 - 652 name: gen-attrs 653 attributes: 654 - 655 name: id 656 type: u32 657 byte-order: big-endian 658 doc: ruleset generation id 659 - 660 name: proc-pid 661 type: u32 662 byte-order: big-endian 663 - 664 name: proc-name 665 type: string 666 - 667 name: obj-attrs 668 attributes: 669 - 670 name: table 671 type: string 672 doc: name of the table containing the expression 673 - 674 name: name 675 type: string 676 doc: name of this expression type 677 - 678 name: type 679 type: u32 680 enum: object-type 681 byte-order: big-endian 682 doc: stateful object type 683 - 684 name: data 685 type: sub-message 686 sub-message: obj-data 687 selector: type 688 doc: stateful object data 689 - 690 name: use 691 type: u32 692 byte-order: big-endian 693 doc: number of references to this expression 694 - 695 name: handle 696 type: u64 697 byte-order: big-endian 698 doc: object handle 699 - 700 name: pad 701 type: pad 702 - 703 name: userdata 704 type: binary 705 doc: user data 706 - 707 name: quota-attrs 708 attributes: 709 - 710 name: bytes 711 type: u64 712 byte-order: big-endian 713 - 714 name: flags 715 type: u32 716 byte-order: big-endian 717 enum: quota-flags 718 - 719 name: pad 720 type: pad 721 - 722 name: consumed 723 type: u64 724 byte-order: big-endian 725 - 726 name: flowtable-attrs 727 attributes: 728 - 729 name: table 730 type: string 731 - 732 name: name 733 type: string 734 - 735 name: hook 736 type: nest 737 nested-attributes: flowtable-hook-attrs 738 - 739 name: use 740 type: u32 741 byte-order: big-endian 742 - 743 name: handle 744 type: u64 745 byte-order: big-endian 746 - 747 name: pad 748 type: pad 749 - 750 name: flags 751 type: u32 752 byte-order: big-endian 753 - 754 name: flowtable-hook-attrs 755 attributes: 756 - 757 name: num 758 type: u32 759 byte-order: big-endian 760 - 761 name: priority 762 type: u32 763 byte-order: big-endian 764 - 765 name: devs 766 type: nest 767 nested-attributes: hook-dev-attrs 768 - 769 name: expr-bitwise-attrs 770 attributes: 771 - 772 name: sreg 773 type: u32 774 byte-order: big-endian 775 - 776 name: dreg 777 type: u32 778 byte-order: big-endian 779 - 780 name: len 781 type: u32 782 byte-order: big-endian 783 - 784 name: mask 785 type: nest 786 nested-attributes: data-attrs 787 - 788 name: xor 789 type: nest 790 nested-attributes: data-attrs 791 - 792 name: op 793 type: u32 794 byte-order: big-endian 795 enum: bitwise-ops 796 - 797 name: data 798 type: nest 799 nested-attributes: data-attrs 800 - 801 name: expr-cmp-attrs 802 attributes: 803 - 804 name: sreg 805 type: u32 806 byte-order: big-endian 807 - 808 name: op 809 type: u32 810 byte-order: big-endian 811 enum: cmp-ops 812 - 813 name: data 814 type: nest 815 nested-attributes: data-attrs 816 - 817 name: data-attrs 818 attributes: 819 - 820 name: value 821 type: binary 822 # sub-type: u8 823 - 824 name: verdict 825 type: nest 826 nested-attributes: verdict-attrs 827 - 828 name: verdict-attrs 829 attributes: 830 - 831 name: code 832 type: u32 833 byte-order: big-endian 834 enum: verdict-code 835 - 836 name: chain 837 type: string 838 - 839 name: chain-id 840 type: u32 841 - 842 name: expr-counter-attrs 843 attributes: 844 - 845 name: bytes 846 type: u64 847 doc: Number of bytes 848 - 849 name: packets 850 type: u64 851 doc: Number of packets 852 - 853 name: pad 854 type: pad 855 - 856 name: expr-fib-attrs 857 attributes: 858 - 859 name: dreg 860 type: u32 861 byte-order: big-endian 862 - 863 name: result 864 type: u32 865 byte-order: big-endian 866 enum: fib-result 867 - 868 name: flags 869 type: u32 870 byte-order: big-endian 871 enum: fib-flags 872 - 873 name: expr-ct-attrs 874 attributes: 875 - 876 name: dreg 877 type: u32 878 byte-order: big-endian 879 - 880 name: key 881 type: u32 882 byte-order: big-endian 883 enum: ct-keys 884 - 885 name: direction 886 type: u8 887 enum: ct-direction 888 - 889 name: sreg 890 type: u32 891 byte-order: big-endian 892 - 893 name: expr-flow-offload-attrs 894 attributes: 895 - 896 name: name 897 type: string 898 doc: Flow offload table name 899 - 900 name: expr-immediate-attrs 901 attributes: 902 - 903 name: dreg 904 type: u32 905 byte-order: big-endian 906 - 907 name: data 908 type: nest 909 nested-attributes: data-attrs 910 - 911 name: expr-lookup-attrs 912 attributes: 913 - 914 name: set 915 type: string 916 doc: Name of set to use 917 - 918 name: set id 919 type: u32 920 byte-order: big-endian 921 doc: ID of set to use 922 - 923 name: sreg 924 type: u32 925 byte-order: big-endian 926 - 927 name: dreg 928 type: u32 929 byte-order: big-endian 930 - 931 name: flags 932 type: u32 933 byte-order: big-endian 934 enum: lookup-flags 935 - 936 name: expr-meta-attrs 937 attributes: 938 - 939 name: dreg 940 type: u32 941 byte-order: big-endian 942 - 943 name: key 944 type: u32 945 byte-order: big-endian 946 enum: meta-keys 947 - 948 name: sreg 949 type: u32 950 byte-order: big-endian 951 - 952 name: expr-nat-attrs 953 attributes: 954 - 955 name: type 956 type: u32 957 byte-order: big-endian 958 - 959 name: family 960 type: u32 961 byte-order: big-endian 962 - 963 name: reg-addr-min 964 type: u32 965 byte-order: big-endian 966 - 967 name: reg-addr-max 968 type: u32 969 byte-order: big-endian 970 - 971 name: reg-proto-min 972 type: u32 973 byte-order: big-endian 974 - 975 name: reg-proto-max 976 type: u32 977 byte-order: big-endian 978 - 979 name: flags 980 type: u32 981 byte-order: big-endian 982 enum: nat-range-flags 983 enum-as-flags: true 984 - 985 name: expr-payload-attrs 986 attributes: 987 - 988 name: dreg 989 type: u32 990 byte-order: big-endian 991 - 992 name: base 993 type: u32 994 byte-order: big-endian 995 - 996 name: offset 997 type: u32 998 byte-order: big-endian 999 - 1000 name: len 1001 type: u32 1002 byte-order: big-endian 1003 - 1004 name: sreg 1005 type: u32 1006 byte-order: big-endian 1007 - 1008 name: csum-type 1009 type: u32 1010 byte-order: big-endian 1011 - 1012 name: csum-offset 1013 type: u32 1014 byte-order: big-endian 1015 - 1016 name: csum-flags 1017 type: u32 1018 byte-order: big-endian 1019 - 1020 name: expr-reject-attrs 1021 attributes: 1022 - 1023 name: type 1024 type: u32 1025 byte-order: big-endian 1026 enum: reject-types 1027 - 1028 name: icmp-code 1029 type: u8 1030 - 1031 name: expr-tproxy-attrs 1032 attributes: 1033 - 1034 name: family 1035 type: u32 1036 byte-order: big-endian 1037 - 1038 name: reg-addr 1039 type: u32 1040 byte-order: big-endian 1041 - 1042 name: reg-port 1043 type: u32 1044 byte-order: big-endian 1045 - 1046 name: expr-objref-attrs 1047 attributes: 1048 - 1049 name: imm-type 1050 type: u32 1051 byte-order: big-endian 1052 - 1053 name: imm-name 1054 type: string 1055 doc: object name 1056 - 1057 name: set-sreg 1058 type: u32 1059 byte-order: big-endian 1060 - 1061 name: set-name 1062 type: string 1063 doc: name of object map 1064 - 1065 name: set-id 1066 type: u32 1067 byte-order: big-endian 1068 doc: id of object map 1069 1070sub-messages: 1071 - 1072 name: expr-ops 1073 formats: 1074 - 1075 value: bitwise 1076 attribute-set: expr-bitwise-attrs 1077 - 1078 value: cmp 1079 attribute-set: expr-cmp-attrs 1080 - 1081 value: counter 1082 attribute-set: expr-counter-attrs 1083 - 1084 value: ct 1085 attribute-set: expr-ct-attrs 1086 - 1087 value: fib 1088 attribute-set: expr-fib-attrs 1089 - 1090 value: flow_offload 1091 attribute-set: expr-flow-offload-attrs 1092 - 1093 value: immediate 1094 attribute-set: expr-immediate-attrs 1095 - 1096 value: lookup 1097 attribute-set: expr-lookup-attrs 1098 - 1099 value: meta 1100 attribute-set: expr-meta-attrs 1101 - 1102 value: nat 1103 attribute-set: expr-nat-attrs 1104 - 1105 value: objref 1106 attribute-set: expr-objref-attrs 1107 - 1108 value: payload 1109 attribute-set: expr-payload-attrs 1110 - 1111 value: quota 1112 attribute-set: quota-attrs 1113 - 1114 value: reject 1115 attribute-set: expr-reject-attrs 1116 - 1117 value: tproxy 1118 attribute-set: expr-tproxy-attrs 1119 - 1120 name: obj-data 1121 formats: 1122 - 1123 value: counter 1124 attribute-set: counter-attrs 1125 - 1126 value: quota 1127 attribute-set: quota-attrs 1128 1129operations: 1130 enum-model: directional 1131 list: 1132 - 1133 name: batch-begin 1134 doc: Start a batch of operations 1135 attribute-set: batch-attrs 1136 fixed-header: nfgenmsg 1137 do: 1138 request: 1139 value: 0x10 1140 attributes: 1141 - genid 1142 reply: 1143 value: 0x10 1144 attributes: 1145 - genid 1146 - 1147 name: batch-end 1148 doc: Finish a batch of operations 1149 attribute-set: batch-attrs 1150 fixed-header: nfgenmsg 1151 do: 1152 request: 1153 value: 0x11 1154 attributes: 1155 - genid 1156 - 1157 name: newtable 1158 doc: Create a new table. 1159 attribute-set: table-attrs 1160 fixed-header: nfgenmsg 1161 do: 1162 request: 1163 value: 0xa00 1164 attributes: 1165 - name 1166 - 1167 name: gettable 1168 doc: Get / dump tables. 1169 attribute-set: table-attrs 1170 fixed-header: nfgenmsg 1171 do: 1172 request: 1173 value: 0xa01 1174 attributes: 1175 - name 1176 reply: 1177 value: 0xa00 1178 attributes: 1179 - name 1180 - 1181 name: deltable 1182 doc: Delete an existing table. 1183 attribute-set: table-attrs 1184 fixed-header: nfgenmsg 1185 do: 1186 request: 1187 value: 0xa02 1188 attributes: 1189 - name 1190 - 1191 name: destroytable 1192 doc: Delete an existing table with destroy semantics (ignoring ENOENT errors). 1193 attribute-set: table-attrs 1194 fixed-header: nfgenmsg 1195 do: 1196 request: 1197 value: 0xa1a 1198 attributes: 1199 - name 1200 - 1201 name: newchain 1202 doc: Create a new chain. 1203 attribute-set: chain-attrs 1204 fixed-header: nfgenmsg 1205 do: 1206 request: 1207 value: 0xa03 1208 attributes: 1209 - name 1210 - 1211 name: getchain 1212 doc: Get / dump chains. 1213 attribute-set: chain-attrs 1214 fixed-header: nfgenmsg 1215 do: 1216 request: 1217 value: 0xa04 1218 attributes: 1219 - name 1220 reply: 1221 value: 0xa03 1222 attributes: 1223 - name 1224 - 1225 name: delchain 1226 doc: Delete an existing chain. 1227 attribute-set: chain-attrs 1228 fixed-header: nfgenmsg 1229 do: 1230 request: 1231 value: 0xa05 1232 attributes: 1233 - name 1234 - 1235 name: destroychain 1236 doc: Delete an existing chain with destroy semantics (ignoring ENOENT errors). 1237 attribute-set: chain-attrs 1238 fixed-header: nfgenmsg 1239 do: 1240 request: 1241 value: 0xa1b 1242 attributes: 1243 - name 1244 - 1245 name: newrule 1246 doc: Create a new rule. 1247 attribute-set: rule-attrs 1248 fixed-header: nfgenmsg 1249 do: 1250 request: 1251 value: 0xa06 1252 attributes: 1253 - name 1254 - 1255 name: getrule 1256 doc: Get / dump rules. 1257 attribute-set: rule-attrs 1258 fixed-header: nfgenmsg 1259 do: 1260 request: 1261 value: 0xa07 1262 attributes: 1263 - name 1264 reply: 1265 value: 0xa06 1266 attributes: 1267 - name 1268 - 1269 name: getrule-reset 1270 doc: Get / dump rules and reset stateful expressions. 1271 attribute-set: rule-attrs 1272 fixed-header: nfgenmsg 1273 do: 1274 request: 1275 value: 0xa19 1276 attributes: 1277 - name 1278 reply: 1279 value: 0xa06 1280 attributes: 1281 - name 1282 - 1283 name: delrule 1284 doc: Delete an existing rule. 1285 attribute-set: rule-attrs 1286 fixed-header: nfgenmsg 1287 do: 1288 request: 1289 value: 0xa08 1290 attributes: 1291 - name 1292 - 1293 name: destroyrule 1294 doc: Delete an existing rule with destroy semantics (ignoring ENOENT errors). 1295 attribute-set: rule-attrs 1296 fixed-header: nfgenmsg 1297 do: 1298 request: 1299 value: 0xa1c 1300 attributes: 1301 - name 1302 - 1303 name: newset 1304 doc: Create a new set. 1305 attribute-set: set-attrs 1306 fixed-header: nfgenmsg 1307 do: 1308 request: 1309 value: 0xa09 1310 attributes: 1311 - name 1312 - 1313 name: getset 1314 doc: Get / dump sets. 1315 attribute-set: set-attrs 1316 fixed-header: nfgenmsg 1317 do: 1318 request: 1319 value: 0xa0a 1320 attributes: 1321 - name 1322 reply: 1323 value: 0xa09 1324 attributes: 1325 - name 1326 - 1327 name: delset 1328 doc: Delete an existing set. 1329 attribute-set: set-attrs 1330 fixed-header: nfgenmsg 1331 do: 1332 request: 1333 value: 0xa0b 1334 attributes: 1335 - name 1336 - 1337 name: destroyset 1338 doc: Delete an existing set with destroy semantics (ignoring ENOENT errors). 1339 attribute-set: set-attrs 1340 fixed-header: nfgenmsg 1341 do: 1342 request: 1343 value: 0xa1d 1344 attributes: 1345 - name 1346 - 1347 name: newsetelem 1348 doc: Create a new set element. 1349 attribute-set: setelem-list-attrs 1350 fixed-header: nfgenmsg 1351 do: 1352 request: 1353 value: 0xa0c 1354 attributes: 1355 - name 1356 - 1357 name: getsetelem 1358 doc: Get / dump set elements. 1359 attribute-set: setelem-list-attrs 1360 fixed-header: nfgenmsg 1361 do: 1362 request: 1363 value: 0xa0d 1364 attributes: 1365 - name 1366 reply: 1367 value: 0xa0c 1368 attributes: 1369 - name 1370 - 1371 name: getsetelem-reset 1372 doc: Get / dump set elements and reset stateful expressions. 1373 attribute-set: setelem-list-attrs 1374 fixed-header: nfgenmsg 1375 do: 1376 request: 1377 value: 0xa21 1378 attributes: 1379 - name 1380 reply: 1381 value: 0xa0c 1382 attributes: 1383 - name 1384 - 1385 name: delsetelem 1386 doc: Delete an existing set element. 1387 attribute-set: setelem-list-attrs 1388 fixed-header: nfgenmsg 1389 do: 1390 request: 1391 value: 0xa0e 1392 attributes: 1393 - name 1394 - 1395 name: destroysetelem 1396 doc: Delete an existing set element with destroy semantics. 1397 attribute-set: setelem-list-attrs 1398 fixed-header: nfgenmsg 1399 do: 1400 request: 1401 value: 0xa1e 1402 attributes: 1403 - name 1404 - 1405 name: getgen 1406 doc: Get / dump rule-set generation. 1407 attribute-set: gen-attrs 1408 fixed-header: nfgenmsg 1409 do: 1410 request: 1411 value: 0xa10 1412 attributes: 1413 - name 1414 reply: 1415 value: 0xa0f 1416 attributes: 1417 - name 1418 - 1419 name: newobj 1420 doc: Create a new stateful object. 1421 attribute-set: obj-attrs 1422 fixed-header: nfgenmsg 1423 do: 1424 request: 1425 value: 0xa12 1426 attributes: 1427 - name 1428 - 1429 name: getobj 1430 doc: Get / dump stateful objects. 1431 attribute-set: obj-attrs 1432 fixed-header: nfgenmsg 1433 do: 1434 request: 1435 value: 0xa13 1436 attributes: 1437 - name 1438 reply: 1439 value: 0xa12 1440 attributes: 1441 - name 1442 - 1443 name: delobj 1444 doc: Delete an existing stateful object. 1445 attribute-set: obj-attrs 1446 fixed-header: nfgenmsg 1447 do: 1448 request: 1449 value: 0xa14 1450 attributes: 1451 - name 1452 - 1453 name: destroyobj 1454 doc: Delete an existing stateful object with destroy semantics. 1455 attribute-set: obj-attrs 1456 fixed-header: nfgenmsg 1457 do: 1458 request: 1459 value: 0xa1f 1460 attributes: 1461 - name 1462 - 1463 name: newflowtable 1464 doc: Create a new flow table. 1465 attribute-set: flowtable-attrs 1466 fixed-header: nfgenmsg 1467 do: 1468 request: 1469 value: 0xa16 1470 attributes: 1471 - name 1472 - 1473 name: getflowtable 1474 doc: Get / dump flow tables. 1475 attribute-set: flowtable-attrs 1476 fixed-header: nfgenmsg 1477 do: 1478 request: 1479 value: 0xa17 1480 attributes: 1481 - name 1482 reply: 1483 value: 0xa16 1484 attributes: 1485 - name 1486 - 1487 name: delflowtable 1488 doc: Delete an existing flow table. 1489 attribute-set: flowtable-attrs 1490 fixed-header: nfgenmsg 1491 do: 1492 request: 1493 value: 0xa18 1494 attributes: 1495 - name 1496 - 1497 name: destroyflowtable 1498 doc: Delete an existing flow table with destroy semantics. 1499 attribute-set: flowtable-attrs 1500 fixed-header: nfgenmsg 1501 do: 1502 request: 1503 value: 0xa20 1504 attributes: 1505 - name 1506 1507mcast-groups: 1508 list: 1509 - 1510 name: mgmt 1511