nftables.yaml 30 KB

  1. # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
  2. ---
  3. name: nftables
  4. protocol: netlink-raw
  5. protonum: 12
  6. doc: >-
  7. Netfilter nftables configuration over netlink.
  8. definitions:
  # Fixed header struct; every operation in this spec names it via `fixed-header`.
  - name: nfgenmsg
    type: struct
    members:
      - name: nfgen-family
        type: u8
      - name: version
        type: u8
      # The only multi-byte member; declared big-endian on the wire.
      - name: res-id
        byte-order: big-endian
        type: u16
  # Key selector for expr-meta-attrs.key. Entries carry no explicit value, so
  # list order is the numeric value (first entry = 0); do not reorder.
  - name: meta-keys
    type: enum
    entries:
      - len
      - protocol
      - priority
      - mark
      - iif
      - oif
      - iifname
      - oifname
      - iftype
      - oiftype
      - skuid
      - skgid
      - nftrace
      - rtclassid
      - secmark
      - nfproto
      - l4-proto
      - bri-iifname
      - bri-oifname
      - pkttype
      - cpu
      - iifgroup
      - oifgroup
      - cgroup
      - prandom
      - secpath
      - iifkind
      - oifkind
      - bri-iifpvid
      - bri-iifvproto
      - time-ns
      - time-day
      - time-hour
      - sdif
      - sdifname
      - bri-broute
  # Operation selector for expr-bitwise-attrs.op; list order is the value.
  - name: bitwise-ops
    type: enum
    entries:
      - bool
      - lshift
      - rshift
  # Comparison selector for expr-cmp-attrs.op; list order is the value.
  - name: cmp-ops
    type: enum
    entries:
      - eq
      - neq
      - lt
      - lte
      - gt
      - gte
  # Stateful object kinds, referenced by obj-attrs.type. That attribute is also
  # the selector for the obj-data sub-message, which declares formats only for
  # `counter` and `quota`.
  - name: object-type
    type: enum
    entries:
      - unspec
      - counter
      - quota
      - ct-helper
      - limit
      - connlimit
      - tunnel
      - ct-timeout
      - secmark
      - ct-expect
      - synproxy
  # Bit flags for expr-nat-attrs.flags; each entry is one bit, assigned in
  # list order starting at bit 0.
  - name: nat-range-flags
    type: flags
    entries:
      - map-ips
      - proto-specified
      - proto-random
      - persistent
      - proto-random-fully
      - proto-offset
      - netmap
  # Bit flags for table-attrs.flags; one bit per entry, in list order.
  - name: table-flags
    type: flags
    entries:
      - dormant
      - owner
      - persist
  # Bit flags for chain-attrs.flags; one bit per entry, in list order.
  - name: chain-flags
    type: flags
    entries:
      - base
      - hw-offload
      - binding
  # Bit flags for set-attrs.flags; one bit per entry, in list order.
  - name: set-flags
    type: flags
    entries:
      - anonymous
      - constant
      - interval
      - map
      - timeout
      - eval
      - object
      - concat
      - expr
  # Bit flags for expr-lookup-attrs.flags. `invert` is the single bit defined.
  - name: lookup-flags
    type: flags
    entries:
      - invert
  # Key selector for expr-ct-attrs.key; list order is the numeric value.
  - name: ct-keys
    type: enum
    entries:
      - state
      - direction
      - status
      - mark
      - secmark
      - expiration
      - helper
      - l3protocol
      - src
      - dst
      - protocol
      - proto-src
      - proto-dst
      - labels
      - pkts
      - bytes
      - avgpkt
      - zone
      - eventmask
      - src-ip
      - dst-ip
      - src-ip6
      - dst-ip6
      - ct-id
  # Direction selector for expr-ct-attrs.direction (a u8 attribute).
  - name: ct-direction
    type: enum
    entries:
      - original
      - reply
  # Bit flags for quota-attrs.flags; one bit per entry, in list order.
  - name: quota-flags
    type: flags
    entries:
      - invert
      - depleted
  # Verdict codes for verdict-attrs.code (a big-endian u32).
  # The first five values are -1 .. -5 written as unsigned 32-bit numbers; the
  # remaining five are small non-negative codes. Note that 0 is `drop`, so a
  # zeroed code field decodes as drop, not as accept.
  - name: verdict-code
    type: enum
    entries:
      - name: continue
        value: 0xffffffff
      - name: break
        value: 0xfffffffe
      - name: jump
        value: 0xfffffffd
      - name: goto
        value: 0xfffffffc
      - name: return
        value: 0xfffffffb
      - name: drop
        value: 0
      - name: accept
        value: 1
      - name: stolen
        value: 2
      - name: queue
        value: 3
      - name: repeat
        value: 4
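  # Result selector for expr-fib-attrs.result; list order is the numeric value.
  # `unspec` is added as value 0 because the kernel UAPI enum nft_fib_result
  # starts with NFT_FIB_RESULT_UNSPEC. Without it every name is shifted by one,
  # so a rule asking for `oif` would be shown (and sent) as a different lookup.
  - name: fib-result
    type: enum
    entries:
      - unspec
      - oif
      - oifname
      - addrtype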
  # Bit flags for expr-fib-attrs.flags; one bit per entry, in list order.
  - name: fib-flags
    type: flags
    entries:
      - saddr
      - daddr
      - mark
      - iif
      - oif
      - present
  # Reject kind selector for expr-reject-attrs.type; list order is the value.
  - name: reject-types
    type: enum
    entries:
      - icmp-unreach
      - tcp-rst
      - icmpx-unreach
  226. attribute-sets:
  # Attribute set holding a single string attribute called `name`.
  - name: empty-attrs
    attributes:
      - name: name
        type: string
  # Attributes of the batch-begin / batch-end messages: one big-endian u32.
  - name: batch-attrs
    attributes:
      - name: genid
        type: u32
        byte-order: big-endian
  # Attributes of a table (newtable / gettable / deltable / destroytable).
  # All integer attributes are big-endian.
  - name: table-attrs
    attributes:
      - name: name
        type: string
        doc: name of the table
      # Decoded as a bit set using table-flags.
      - name: flags
        type: u32
        byte-order: big-endian
        doc: bitmask of flags
        enum: table-flags
        enum-as-flags: true
      - name: use
        type: u32
        byte-order: big-endian
        doc: number of chains in this table
      - name: handle
        type: u64
        byte-order: big-endian
        doc: numeric handle of the table
      # Opaque bytes; this spec gives them no structure.
      - name: userdata
        type: binary
        doc: user data
  # Attributes of a chain (newchain / getchain / delchain / destroychain).
  # All integer attributes are big-endian.
  - name: chain-attrs
    attributes:
      - name: table
        type: string
        doc: name of the table containing the chain
      - name: handle
        type: u64
        byte-order: big-endian
        doc: numeric handle of the chain
      - name: name
        type: string
        doc: name of the chain
      # Nested nft-hook-attrs (hook number, priority, device names).
      - name: hook
        type: nest
        nested-attributes: nft-hook-attrs
        doc: hook specification for basechains
      # No enum is attached here, so the policy is exposed as a raw number.
      - name: policy
        type: u32
        byte-order: big-endian
        doc: numeric policy of the chain
      - name: use
        type: u32
        byte-order: big-endian
        doc: number of references to this chain
      - name: type
        type: string
        doc: type name of the chain
      - name: counters
        type: nest
        nested-attributes: nft-counter-attrs
        doc: counter specification of the chain
      # Decoded as a bit set using chain-flags.
      - name: flags
        type: u32
        byte-order: big-endian
        doc: chain flags
        enum: chain-flags
        enum-as-flags: true
      - name: id
        type: u32
        byte-order: big-endian
        doc: uniquely identifies a chain in a transaction
      - name: userdata
        type: binary
        doc: user data
  # Counter payload used by the obj-data sub-message for `counter` objects.
  # Both counters are big-endian u64; `pad` is an alignment attribute.
  - name: counter-attrs
    attributes:
      - name: bytes
        type: u64
        byte-order: big-endian
      - name: packets
        type: u64
        byte-order: big-endian
      - name: pad
        type: pad
  # Hook description nested under chain-attrs.hook.
  - name: nft-hook-attrs
    attributes:
      - name: num
        type: u32
        byte-order: big-endian
      # Signed: the type is s32, so negative priorities are representable.
      - name: priority
        type: s32
        byte-order: big-endian
      - name: dev
        type: string
        doc: net device name
      - name: devs
        type: nest
        nested-attributes: hook-dev-attrs
        doc: list of net devices
  # Device list used by nft-hook-attrs.devs and flowtable-hook-attrs.devs.
  # `multi-attr` means the `name` attribute may appear more than once.
  - name: hook-dev-attrs
    attributes:
      - name: name
        type: string
        multi-attr: true
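  # Counters nested under chain-attrs.counters.
  # byte-order was missing on both members. counter-attrs declares the same
  # two u64 counters as big-endian, and nftables sends its integer attributes
  # in network byte order; without the declaration a little-endian client
  # reads byte-swapped packet and byte counts.
  - name: nft-counter-attrs
    attributes:
      - name: bytes
        type: u64
        byte-order: big-endian
      - name: packets
        type: u64
        byte-order: big-endian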
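  # Attributes of a rule (newrule / getrule / getrule-reset / delrule /
  # destroyrule). All integer attributes are big-endian.
  - name: rule-attrs
    attributes:
      - name: table
        type: string
        doc: name of the table containing the rule
      - name: chain
        type: string
        doc: name of the chain containing the rule
      - name: handle
        type: u64
        byte-order: big-endian
        doc: numeric handle of the rule
      - name: expressions
        type: nest
        nested-attributes: expr-list-attrs
        doc: list of expressions
      - name: compat
        type: nest
        nested-attributes: rule-compat-attrs
        doc: compatibility specifications of the rule
      - name: position
        type: u64
        byte-order: big-endian
        doc: numeric handle of the previous rule
      - name: userdata
        type: binary
        doc: user data
      # byte-order added on the three ID attributes below. They are sent in
      # network byte order like the other integers here (chain-attrs.id is
      # already declared that way). Left as host order, a little-endian client
      # would send a byte-swapped ID and could reference the wrong rule or
      # chain inside a batch.
      - name: id
        type: u32
        byte-order: big-endian
        doc: uniquely identifies a rule in a transaction
      - name: position-id
        type: u32
        byte-order: big-endian
        doc: transaction unique identifier of the previous rule
      - name: chain-id
        type: u32
        byte-order: big-endian
        doc: add the rule to chain by ID, alternative to chain name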
  # Expression list: a repeated `elem` attribute, each one a nested expr-attrs.
  - name: expr-list-attrs
    attributes:
      - name: elem
        type: nest
        nested-attributes: expr-attrs
        multi-attr: true
  # One expression: a type name plus type-specific data.
  - name: expr-attrs
    attributes:
      - name: name
        type: string
        doc: name of the expression type
      # `name` above is the selector: its value picks the format in the
      # expr-ops sub-message used to decode this attribute.
      - name: data
        type: sub-message
        sub-message: expr-ops
        selector: name
        doc: type specific data
  # Compatibility data nested under rule-attrs.compat.
  # NOTE(review): both attributes are typed `binary` although their docs call
  # them numeric; presumably big-endian u32 like the other integers in this
  # spec -- confirm before changing the type.
  - name: rule-compat-attrs
    attributes:
      - name: proto
        type: binary
        doc: numeric value of the handled protocol
      - name: flags
        type: binary
        doc: bitmask of flags
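  # Attributes of a set (newset / getset / delset / destroyset).
  # All integer attributes are big-endian.
  - name: set-attrs
    attributes:
      - name: table
        type: string
        doc: table name
      - name: name
        type: string
        doc: set name
      - name: flags
        type: u32
        enum: set-flags
        byte-order: big-endian
        doc: bitmask of enum nft_set_flags
      - name: key-type
        type: u32
        byte-order: big-endian
        doc: key data type, informational purpose only
      - name: key-len
        type: u32
        byte-order: big-endian
        doc: key data length
      - name: data-type
        type: u32
        byte-order: big-endian
        doc: mapping data type
      - name: data-len
        type: u32
        byte-order: big-endian
        doc: mapping data length
      - name: policy
        type: u32
        byte-order: big-endian
        doc: selection policy
      - name: desc
        type: nest
        nested-attributes: set-desc-attrs
        doc: set description
      # byte-order added on id, timeout and gc-interval: they travel in
      # network byte order like every other integer in this set. Without it a
      # little-endian client sends a byte-swapped set ID, and timeout values
      # come out orders of magnitude off.
      - name: id
        type: u32
        byte-order: big-endian
        doc: uniquely identifies a set in a transaction
      - name: timeout
        type: u64
        byte-order: big-endian
        doc: default timeout value
      - name: gc-interval
        type: u32
        byte-order: big-endian
        doc: garbage collection interval
      - name: userdata
        type: binary
        doc: user data
      - name: pad
        type: pad
      - name: obj-type
        type: u32
        byte-order: big-endian
        doc: stateful object type
      - name: handle
        type: u64
        byte-order: big-endian
        doc: set handle
      - name: expr
        type: nest
        nested-attributes: expr-attrs
        doc: set expression
        multi-attr: true
      - name: expressions
        type: nest
        nested-attributes: set-list-attrs
        doc: list of expressions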
  # Set description nested under set-attrs.desc.
  - name: set-desc-attrs
    attributes:
      - name: size
        type: u32
        byte-order: big-endian
        doc: number of elements in set
      # May repeat (multi-attr); each occurrence nests set-desc-concat-attrs.
      - name: concat
        type: nest
        nested-attributes: set-desc-concat-attrs
        doc: description of field concatenation
        multi-attr: true
  # One concatenation entry: a nested set-field-attrs.
  - name: set-desc-concat-attrs
    attributes:
      - name: elem
        type: nest
        nested-attributes: set-field-attrs
  # One concatenated field: its length as a big-endian u32.
  - name: set-field-attrs
    attributes:
      - name: len
        type: u32
        byte-order: big-endian
  # Expression list for set-attrs.expressions: repeated nested expr-attrs.
  - name: set-list-attrs
    attributes:
      - name: elem
        type: nest
        nested-attributes: expr-attrs
        multi-attr: true
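  # Attributes of one set element.
  - name: setelem-attrs
    attributes:
      - name: key
        type: nest
        nested-attributes: data-attrs
        doc: key value
      - name: data
        type: nest
        nested-attributes: data-attrs
        doc: data value of mapping
      # NOTE(review): typed `binary` although the doc describes a bitmask;
      # presumably a big-endian u32 -- confirm before changing the type.
      - name: flags
        type: binary
        doc: bitmask of nft_set_elem_flags
      # byte-order added on timeout and expiration: nftables sends its integer
      # attributes in network byte order. Read as host order on a little-endian
      # machine, an element's remaining lifetime is reported wrongly, which
      # matters when the set is a time-limited block list.
      - name: timeout
        type: u64
        byte-order: big-endian
        doc: timeout value
      - name: expiration
        type: u64
        byte-order: big-endian
        doc: expiration time
      - name: userdata
        type: binary
        doc: user data
      - name: expr
        type: nest
        nested-attributes: expr-attrs
        doc: expression
      - name: objref
        type: string
        doc: stateful object reference
      - name: key-end
        type: nest
        nested-attributes: data-attrs
        doc: closing key value
      - name: expressions
        type: nest
        nested-attributes: expr-list-attrs
        doc: list of expressions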
  # Element list: a repeated `elem` attribute, each one a nested setelem-attrs.
  - name: setelem-list-elem-attrs
    attributes:
      - name: elem
        type: nest
        nested-attributes: setelem-attrs
        multi-attr: true
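  # Top-level attributes of the set-element operations (newsetelem,
  # getsetelem, getsetelem-reset, delsetelem, destroysetelem).
  - name: setelem-list-attrs
    attributes:
      - name: table
        type: string
      - name: set
        type: string
      - name: elements
        type: nest
        nested-attributes: setelem-list-elem-attrs
      # byte-order added: the set ID is sent in network byte order, as
      # expr-lookup-attrs.set-id and expr-objref-attrs.set-id already declare.
      # A byte-swapped ID would not match the set created earlier in the batch.
      - name: set-id
        type: u32
        byte-order: big-endian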
  # Ruleset generation information: generation id plus the pid and name of a
  # process (which process is not stated in this spec).
  - name: gen-attrs
    attributes:
      - name: id
        type: u32
        byte-order: big-endian
        doc: ruleset generation id
      - name: proc-pid
        type: u32
        byte-order: big-endian
      - name: proc-name
        type: string
  # Attributes of a stateful object. All integer attributes are big-endian.
  # NOTE(review): several doc strings below say "expression" where the
  # attribute belongs to an object; the wording looks copied -- confirm.
  - name: obj-attrs
    attributes:
      - name: table
        type: string
        doc: name of the table containing the expression
      - name: name
        type: string
        doc: name of this expression type
      - name: type
        type: u32
        enum: object-type
        byte-order: big-endian
        doc: stateful object type
      # `type` above is the selector: its value picks the format in the
      # obj-data sub-message, which lists only `counter` and `quota`.
      - name: data
        type: sub-message
        sub-message: obj-data
        selector: type
        doc: stateful object data
      - name: use
        type: u32
        byte-order: big-endian
        doc: number of references to this expression
      - name: handle
        type: u64
        byte-order: big-endian
        doc: object handle
      - name: pad
        type: pad
      - name: userdata
        type: binary
        doc: user data
  # Quota payload; used by both expr-ops (`quota`) and obj-data (`quota`).
  # All integer attributes are big-endian.
  - name: quota-attrs
    attributes:
      - name: bytes
        type: u64
        byte-order: big-endian
      - name: flags
        type: u32
        byte-order: big-endian
        enum: quota-flags
      - name: pad
        type: pad
      - name: consumed
        type: u64
        byte-order: big-endian
  # Attributes of a flowtable. All integer attributes are big-endian.
  - name: flowtable-attrs
    attributes:
      - name: table
        type: string
      - name: name
        type: string
      - name: hook
        type: nest
        nested-attributes: flowtable-hook-attrs
      - name: use
        type: u32
        byte-order: big-endian
      - name: handle
        type: u64
        byte-order: big-endian
      - name: pad
        type: pad
      # No enum is attached, so the flag bits are exposed as a raw number.
      - name: flags
        type: u32
        byte-order: big-endian
  # Hook description nested under flowtable-attrs.hook.
  - name: flowtable-hook-attrs
    attributes:
      - name: num
        type: u32
        byte-order: big-endian
      # NOTE(review): unsigned here, while nft-hook-attrs.priority is s32.
      # If flowtable priorities can be negative, a negative one would decode
      # as a very large number -- confirm which type is intended.
      - name: priority
        type: u32
        byte-order: big-endian
      - name: devs
        type: nest
        nested-attributes: hook-dev-attrs
  # Data of a `bitwise` expression (see expr-ops). Integers are big-endian;
  # mask, xor and data are nested data-attrs.
  - name: expr-bitwise-attrs
    attributes:
      - name: sreg
        type: u32
        byte-order: big-endian
      - name: dreg
        type: u32
        byte-order: big-endian
      - name: len
        type: u32
        byte-order: big-endian
      - name: mask
        type: nest
        nested-attributes: data-attrs
      - name: xor
        type: nest
        nested-attributes: data-attrs
      - name: op
        type: u32
        byte-order: big-endian
        enum: bitwise-ops
      - name: data
        type: nest
        nested-attributes: data-attrs
  # Data of a `cmp` expression (see expr-ops): source register, operator from
  # cmp-ops, and the value to compare against as nested data-attrs.
  - name: expr-cmp-attrs
    attributes:
      - name: sreg
        type: u32
        byte-order: big-endian
      - name: op
        type: u32
        byte-order: big-endian
        enum: cmp-ops
      - name: data
        type: nest
        nested-attributes: data-attrs
  # Generic data container: either raw bytes (`value`) or a nested verdict.
  - name: data-attrs
    attributes:
      # Raw bytes with no declared structure; the sub-type line is commented
      # out in the original.
      - name: value
        type: binary
        # sub-type: u8
      - name: verdict
        type: nest
        nested-attributes: verdict-attrs
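  # A verdict: a code from verdict-code plus an optional target chain, given
  # either by name or by ID.
  - name: verdict-attrs
    attributes:
      - name: code
        type: u32
        byte-order: big-endian
        enum: verdict-code
      - name: chain
        type: string
      # byte-order added: the chain ID is sent in network byte order, as
      # chain-attrs.id already declares. A byte-swapped ID on a little-endian
      # client would make a jump or goto refer to a different chain ID than
      # the one the chain was created with in the same batch.
      - name: chain-id
        type: u32
        byte-order: big-endian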
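  # Data of a `counter` expression (see expr-ops).
  # byte-order was missing on both members. counter-attrs declares the same
  # counters as big-endian, and nftables sends integers in network byte order;
  # without it a little-endian client reports byte-swapped rule hit counts.
  - name: expr-counter-attrs
    attributes:
      - name: bytes
        type: u64
        byte-order: big-endian
        doc: Number of bytes
      - name: packets
        type: u64
        byte-order: big-endian
        doc: Number of packets
      - name: pad
        type: pad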
  # Data of a `fib` expression (see expr-ops): destination register, result
  # selector from fib-result, and lookup flags from fib-flags.
  - name: expr-fib-attrs
    attributes:
      - name: dreg
        type: u32
        byte-order: big-endian
      - name: result
        type: u32
        byte-order: big-endian
        enum: fib-result
      - name: flags
        type: u32
        byte-order: big-endian
        enum: fib-flags
  # Data of a `ct` expression (see expr-ops).
  - name: expr-ct-attrs
    attributes:
      - name: dreg
        type: u32
        byte-order: big-endian
      - name: key
        type: u32
        byte-order: big-endian
        enum: ct-keys
      # Single byte, so no byte-order is needed.
      - name: direction
        type: u8
        enum: ct-direction
      - name: sreg
        type: u32
        byte-order: big-endian
  # Data of a `flow_offload` expression (see expr-ops): the table name only.
  - name: expr-flow-offload-attrs
    attributes:
      - name: name
        type: string
        doc: Flow offload table name
  # Data of an `immediate` expression (see expr-ops): destination register
  # plus nested data-attrs, which can hold raw bytes or a verdict.
  - name: expr-immediate-attrs
    attributes:
      - name: dreg
        type: u32
        byte-order: big-endian
      - name: data
        type: nest
        nested-attributes: data-attrs
  # Data of a `lookup` expression (see expr-ops). The set is named either by
  # `set` or by `set-id`; integers are big-endian.
  - name: expr-lookup-attrs
    attributes:
      - name: set
        type: string
        doc: Name of set to use
      - name: set-id
        type: u32
        byte-order: big-endian
        doc: ID of set to use
      - name: sreg
        type: u32
        byte-order: big-endian
      - name: dreg
        type: u32
        byte-order: big-endian
      # lookup-flags defines one bit, `invert`.
      - name: flags
        type: u32
        byte-order: big-endian
        enum: lookup-flags
  # Data of a `meta` expression (see expr-ops): a key from meta-keys plus a
  # destination and a source register.
  - name: expr-meta-attrs
    attributes:
      - name: dreg
        type: u32
        byte-order: big-endian
      - name: key
        type: u32
        byte-order: big-endian
        enum: meta-keys
      - name: sreg
        type: u32
        byte-order: big-endian
  # Data of a `nat` expression (see expr-ops). Every attribute is a
  # big-endian u32; `type` and `family` have no enum attached in this spec.
  - name: expr-nat-attrs
    attributes:
      - name: type
        type: u32
        byte-order: big-endian
      - name: family
        type: u32
        byte-order: big-endian
      - name: reg-addr-min
        type: u32
        byte-order: big-endian
      - name: reg-addr-max
        type: u32
        byte-order: big-endian
      - name: reg-proto-min
        type: u32
        byte-order: big-endian
      - name: reg-proto-max
        type: u32
        byte-order: big-endian
      # Decoded as a bit set using nat-range-flags.
      - name: flags
        type: u32
        byte-order: big-endian
        enum: nat-range-flags
        enum-as-flags: true
  # Data of a `payload` expression (see expr-ops). Every attribute is a
  # big-endian u32; none has an enum attached, so all are raw numbers.
  - name: expr-payload-attrs
    attributes:
      - name: dreg
        type: u32
        byte-order: big-endian
      - name: base
        type: u32
        byte-order: big-endian
      - name: offset
        type: u32
        byte-order: big-endian
      - name: len
        type: u32
        byte-order: big-endian
      - name: sreg
        type: u32
        byte-order: big-endian
      - name: csum-type
        type: u32
        byte-order: big-endian
      - name: csum-offset
        type: u32
        byte-order: big-endian
      - name: csum-flags
        type: u32
        byte-order: big-endian
  # Data of a `reject` expression (see expr-ops): reject kind from
  # reject-types and a one-byte ICMP code.
  - name: expr-reject-attrs
    attributes:
      - name: type
        type: u32
        byte-order: big-endian
        enum: reject-types
      - name: icmp-code
        type: u8
  # Data of a `target` expression (see expr-ops).
  - name: expr-target-attrs
    attributes:
      - name: name
        type: string
      - name: rev
        type: u32
        byte-order: big-endian
      # Opaque bytes: this spec gives `info` no structure, so a decoder built
      # from it cannot show or validate what the blob contains.
      - name: info
        type: binary
  # Data of a `tproxy` expression (see expr-ops): address family plus the
  # registers holding address and port. All big-endian u32.
  - name: expr-tproxy-attrs
    attributes:
      - name: family
        type: u32
        byte-order: big-endian
      - name: reg-addr
        type: u32
        byte-order: big-endian
      - name: reg-port
        type: u32
        byte-order: big-endian
  # Data of an `objref` expression (see expr-ops). Two groups of attributes:
  # imm-* names an object directly, set-* refers to an object map.
  - name: expr-objref-attrs
    attributes:
      - name: imm-type
        type: u32
        byte-order: big-endian
      - name: imm-name
        type: string
        doc: object name
      - name: set-sreg
        type: u32
        byte-order: big-endian
      - name: set-name
        type: string
        doc: name of object map
      - name: set-id
        type: u32
        byte-order: big-endian
        doc: id of object map
  1079. sub-messages:
  # Maps an expression name (expr-attrs.name) to the attribute set used to
  # decode expr-attrs.data. An expression name that is not listed here has no
  # attribute set declared for it in this spec.
  - name: expr-ops
    formats:
      - value: bitwise
        attribute-set: expr-bitwise-attrs
      - value: cmp
        attribute-set: expr-cmp-attrs
      - value: counter
        attribute-set: expr-counter-attrs
      - value: ct
        attribute-set: expr-ct-attrs
      - value: fib
        attribute-set: expr-fib-attrs
      - value: flow_offload
        attribute-set: expr-flow-offload-attrs
      - value: immediate
        attribute-set: expr-immediate-attrs
      - value: lookup
        attribute-set: expr-lookup-attrs
      - value: meta
        attribute-set: expr-meta-attrs
      - value: nat
        attribute-set: expr-nat-attrs
      - value: objref
        attribute-set: expr-objref-attrs
      - value: payload
        attribute-set: expr-payload-attrs
      # Shares quota-attrs with the obj-data sub-message.
      - value: quota
        attribute-set: quota-attrs
      - value: reject
        attribute-set: expr-reject-attrs
      - value: target
        attribute-set: expr-target-attrs
      - value: tproxy
        attribute-set: expr-tproxy-attrs
  # Maps an object type (obj-attrs.type) to the attribute set used to decode
  # obj-attrs.data. Only two of the eleven object-type entries have a format.
  - name: obj-data
    formats:
      - value: counter
        attribute-set: counter-attrs
      - value: quota
        attribute-set: quota-attrs
  1140. operations:
  1141. enum-model: directional
  1142. list:
  # Opens a batch. Request and reply both use message value 0x10 and carry
  # the `genid` attribute from batch-attrs.
  - name: batch-begin
    doc: Start a batch of operations
    attribute-set: batch-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0x10
        attributes:
          - genid
      reply:
        value: 0x10
        attributes:
          - genid
  # Closes a batch. Request only (message value 0x11); no reply is declared.
  - name: batch-end
    doc: Finish a batch of operations
    attribute-set: batch-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0x11
        attributes:
          - genid
  # Table creation. Request only (0xa00); only `name` is listed as a request
  # attribute, although table-attrs also defines flags and userdata.
  - name: newtable
    doc: Create a new table.
    attribute-set: table-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa00
        attributes:
          - name
  # Table query. The reply reuses the newtable message value 0xa00.
  # NOTE(review): the doc says "Get / dump" but only a `do` form is declared.
  - name: gettable
    doc: Get / dump tables.
    attribute-set: table-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa01
        attributes:
          - name
      reply:
        value: 0xa00
        attributes:
          - name
  # Table deletion by name. Request only (0xa02).
  - name: deltable
    doc: Delete an existing table.
    attribute-set: table-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa02
        attributes:
          - name
  # Table deletion that ignores ENOENT (0xa1a). Because a missing table is not
  # an error, success does not tell the caller that the table ever existed.
  - name: destroytable
    doc: |
      Delete an existing table with destroy semantics (ignoring ENOENT
      errors).
    attribute-set: table-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa1a
        attributes:
          - name
  # Chain creation. Request only (0xa03); only `name` is listed, although
  # chain-attrs also defines table, hook, policy, type and flags.
  - name: newchain
    doc: Create a new chain.
    attribute-set: chain-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa03
        attributes:
          - name
  # Chain query. The reply reuses the newchain message value 0xa03.
  # NOTE(review): the doc says "Get / dump" but only a `do` form is declared.
  - name: getchain
    doc: Get / dump chains.
    attribute-set: chain-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa04
        attributes:
          - name
      reply:
        value: 0xa03
        attributes:
          - name
  # Chain deletion by name. Request only (0xa05).
  - name: delchain
    doc: Delete an existing chain.
    attribute-set: chain-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa05
        attributes:
          - name
  # Chain deletion that ignores ENOENT (0xa1b). Because a missing chain is not
  # an error, success does not tell the caller that the chain ever existed.
  - name: destroychain
    doc: |
      Delete an existing chain with destroy semantics (ignoring ENOENT
      errors).
    attribute-set: chain-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa1b
        attributes:
          - name
  # Rule creation. Request only (0xa06).
  # NOTE(review): the request lists `name`, but rule-attrs defines no `name`
  # attribute (it has table, chain, handle, expressions, ...). The list looks
  # copied from the table operations -- confirm the intended attributes.
  - name: newrule
    doc: Create a new rule.
    attribute-set: rule-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa06
        attributes:
          - name
  # Rule query. The reply reuses the newrule message value 0xa06.
  # NOTE(review): request and reply list `name`, but rule-attrs defines no
  # `name` attribute -- confirm the intended attributes.
  - name: getrule
    doc: Get / dump rules.
    attribute-set: rule-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa07
        attributes:
          - name
      reply:
        value: 0xa06
        attributes:
          - name
  # Rule query with a side effect: per the doc it also resets stateful
  # expressions, so this is not a pure read and later readers see the reset
  # state. The reply reuses the newrule message value 0xa06.
  # NOTE(review): request and reply list `name`, but rule-attrs defines no
  # `name` attribute -- confirm the intended attributes.
  - name: getrule-reset
    doc: Get / dump rules and reset stateful expressions.
    attribute-set: rule-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa19
        attributes:
          - name
      reply:
        value: 0xa06
        attributes:
          - name
  # Rule deletion. Request only (0xa08).
  # NOTE(review): the request lists `name`, but rule-attrs defines no `name`
  # attribute -- confirm the intended attributes.
  - name: delrule
    doc: Delete an existing rule.
    attribute-set: rule-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa08
        attributes:
          - name
  # Rule deletion that ignores ENOENT (0xa1c). Because a missing rule is not
  # an error, success does not tell the caller that the rule ever existed.
  # NOTE(review): the request lists `name`, but rule-attrs defines no `name`
  # attribute -- confirm the intended attributes.
  - name: destroyrule
    doc: |
      Delete an existing rule with destroy semantics (ignoring ENOENT errors).
    attribute-set: rule-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa1c
        attributes:
          - name
  # Set creation. Request only (0xa09); only `name` is listed, although
  # set-attrs also defines table, flags, key and data descriptions.
  - name: newset
    doc: Create a new set.
    attribute-set: set-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa09
        attributes:
          - name
  # Set query. The reply reuses the newset message value 0xa09.
  # NOTE(review): the doc says "Get / dump" but only a `do` form is declared.
  - name: getset
    doc: Get / dump sets.
    attribute-set: set-attrs
    fixed-header: nfgenmsg
    do:
      request:
        value: 0xa0a
        attributes:
          - name
      reply:
        value: 0xa09
        attributes:
          - name
  1342. -
  1343. name: delset
  1344. doc: Delete an existing set.
  1345. attribute-set: set-attrs
  1346. fixed-header: nfgenmsg
  1347. do:
  1348. request:
  1349. value: 0xa0b
  1350. attributes:
  1351. - name
  1352. -
  1353. name: destroyset
  1354. doc: |
  1355. Delete an existing set with destroy semantics (ignoring ENOENT errors).
  1356. attribute-set: set-attrs
  1357. fixed-header: nfgenmsg
  1358. do:
  1359. request:
  1360. value: 0xa1d
  1361. attributes:
  1362. - name
  1363. -
  1364. name: newsetelem
  1365. doc: Create a new set element.
  1366. attribute-set: setelem-list-attrs
  1367. fixed-header: nfgenmsg
  1368. do:
  1369. request:
  1370. value: 0xa0c
  1371. attributes:
  1372. - name
  1373. -
  1374. name: getsetelem
  1375. doc: Get / dump set elements.
  1376. attribute-set: setelem-list-attrs
  1377. fixed-header: nfgenmsg
  1378. do:
  1379. request:
  1380. value: 0xa0d
  1381. attributes:
  1382. - name
  1383. reply:
  1384. value: 0xa0c
  1385. attributes:
  1386. - name
  1387. -
  1388. name: getsetelem-reset
  1389. doc: Get / dump set elements and reset their stateful expressions; unlike getsetelem, this request modifies state.
  1390. attribute-set: setelem-list-attrs
  1391. fixed-header: nfgenmsg
  1392. do:
  1393. request:
  1394. value: 0xa21
  1395. attributes:
  1396. - name
  1397. reply:
  1398. value: 0xa0c
  1399. attributes:
  1400. - name
  1401. -
  1402. name: delsetelem
  1403. doc: Delete an existing set element.
  1404. attribute-set: setelem-list-attrs
  1405. fixed-header: nfgenmsg
  1406. do:
  1407. request:
  1408. value: 0xa0e
  1409. attributes:
  1410. - name
  1411. -
  1412. name: destroysetelem
  1413. doc: Delete an existing set element with destroy semantics (ignoring ENOENT errors).
  1414. attribute-set: setelem-list-attrs
  1415. fixed-header: nfgenmsg
  1416. do:
  1417. request:
  1418. value: 0xa1e
  1419. attributes:
  1420. - name
  1421. -
  1422. name: getgen
  1423. doc: Get / dump rule-set generation.
  1424. attribute-set: gen-attrs
  1425. fixed-header: nfgenmsg
  1426. do:
  1427. request:
  1428. value: 0xa10
  1429. attributes:
  1430. - name
  1431. reply:
  1432. value: 0xa0f
  1433. attributes:
  1434. - name
  1435. -
  1436. name: newobj
  1437. doc: Create a new stateful object.
  1438. attribute-set: obj-attrs
  1439. fixed-header: nfgenmsg
  1440. do:
  1441. request:
  1442. value: 0xa12
  1443. attributes:
  1444. - name
  1445. -
  1446. name: getobj
  1447. doc: Get / dump stateful objects.
  1448. attribute-set: obj-attrs
  1449. fixed-header: nfgenmsg
  1450. do:
  1451. request:
  1452. value: 0xa13
  1453. attributes:
  1454. - name
  1455. reply:
  1456. value: 0xa12
  1457. attributes:
  1458. - name
  1459. -
  1460. name: delobj
  1461. doc: Delete an existing stateful object.
  1462. attribute-set: obj-attrs
  1463. fixed-header: nfgenmsg
  1464. do:
  1465. request:
  1466. value: 0xa14
  1467. attributes:
  1468. - name
  1469. -
  1470. name: destroyobj
  1471. doc: Delete an existing stateful object with destroy semantics (ignoring ENOENT errors).
  1472. attribute-set: obj-attrs
  1473. fixed-header: nfgenmsg
  1474. do:
  1475. request:
  1476. value: 0xa1f
  1477. attributes:
  1478. - name
  1479. -
  1480. name: newflowtable
  1481. doc: Create a new flow table.
  1482. attribute-set: flowtable-attrs
  1483. fixed-header: nfgenmsg
  1484. do:
  1485. request:
  1486. value: 0xa16
  1487. attributes:
  1488. - name
  1489. -
  1490. name: getflowtable
  1491. doc: Get / dump flow tables.
  1492. attribute-set: flowtable-attrs
  1493. fixed-header: nfgenmsg
  1494. do:
  1495. request:
  1496. value: 0xa17
  1497. attributes:
  1498. - name
  1499. reply:
  1500. value: 0xa16
  1501. attributes:
  1502. - name
  1503. -
  1504. name: delflowtable
  1505. doc: Delete an existing flow table.
  1506. attribute-set: flowtable-attrs
  1507. fixed-header: nfgenmsg
  1508. do:
  1509. request:
  1510. value: 0xa18
  1511. attributes:
  1512. - name
  1513. -
  1514. name: destroyflowtable
  1515. doc: Delete an existing flow table with destroy semantics (ignoring ENOENT errors).
  1516. attribute-set: flowtable-attrs
  1517. fixed-header: nfgenmsg
  1518. do:
  1519. request:
  1520. value: 0xa20
  1521. attributes:
  1522. - name
  1523. mcast-groups:
  1524. list:
  1525. -
  1526. name: mgmt