.. SPDX-License-Identifier: GPL-2.0 .. NOTE: This document was auto-generated. ========================================= Family ``nftables`` netlink specification ========================================= .. contents:: :depth: 3 ------- Summary ------- Netfilter nftables configuration over netlink. ---------- Operations ---------- .. _nftables-operation-batch-begin: batch-begin =========== Start a batch of operations :attribute-set: :ref:`nftables-attribute-set-batch-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``genid``] **reply** :attributes: [``genid``] .. _nftables-operation-batch-end: batch-end ========= Finish a batch of operations :attribute-set: :ref:`nftables-attribute-set-batch-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``genid``] .. _nftables-operation-newtable: newtable ======== Create a new table. :attribute-set: :ref:`nftables-attribute-set-table-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-gettable: gettable ======== Get / dump tables. :attribute-set: :ref:`nftables-attribute-set-table-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-deltable: deltable ======== Delete an existing table. :attribute-set: :ref:`nftables-attribute-set-table-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroytable: destroytable ============ Delete an existing table with destroy semantics (ignoring ENOENT errors). :attribute-set: :ref:`nftables-attribute-set-table-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-newchain: newchain ======== Create a new chain. :attribute-set: :ref:`nftables-attribute-set-chain-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getchain: getchain ======== Get / dump chains. :attribute-set: :ref:`nftables-attribute-set-chain-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-delchain: delchain ======== Delete an existing chain. :attribute-set: :ref:`nftables-attribute-set-chain-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroychain: destroychain ============ Delete an existing chain with destroy semantics (ignoring ENOENT errors). :attribute-set: :ref:`nftables-attribute-set-chain-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-newrule: newrule ======= Create a new rule. :attribute-set: :ref:`nftables-attribute-set-rule-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getrule: getrule ======= Get / dump rules. :attribute-set: :ref:`nftables-attribute-set-rule-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-getrule-reset: getrule-reset ============= Get / dump rules and reset stateful expressions. :attribute-set: :ref:`nftables-attribute-set-rule-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-delrule: delrule ======= Delete an existing rule. :attribute-set: :ref:`nftables-attribute-set-rule-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroyrule: destroyrule =========== Delete an existing rule with destroy semantics (ignoring ENOENT errors). :attribute-set: :ref:`nftables-attribute-set-rule-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-newset: newset ====== Create a new set. :attribute-set: :ref:`nftables-attribute-set-set-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getset: getset ====== Get / dump sets. :attribute-set: :ref:`nftables-attribute-set-set-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-delset: delset ====== Delete an existing set. :attribute-set: :ref:`nftables-attribute-set-set-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroyset: destroyset ========== Delete an existing set with destroy semantics (ignoring ENOENT errors). :attribute-set: :ref:`nftables-attribute-set-set-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-newsetelem: newsetelem ========== Create a new set element. :attribute-set: :ref:`nftables-attribute-set-setelem-list-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getsetelem: getsetelem ========== Get / dump set elements. :attribute-set: :ref:`nftables-attribute-set-setelem-list-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-getsetelem-reset: getsetelem-reset ================ Get / dump set elements and reset stateful expressions. :attribute-set: :ref:`nftables-attribute-set-setelem-list-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-delsetelem: delsetelem ========== Delete an existing set element. :attribute-set: :ref:`nftables-attribute-set-setelem-list-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroysetelem: destroysetelem ============== Delete an existing set element with destroy semantics. :attribute-set: :ref:`nftables-attribute-set-setelem-list-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getgen: getgen ====== Get / dump rule-set generation. :attribute-set: :ref:`nftables-attribute-set-gen-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-newobj: newobj ====== Create a new stateful object. :attribute-set: :ref:`nftables-attribute-set-obj-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getobj: getobj ====== Get / dump stateful objects. :attribute-set: :ref:`nftables-attribute-set-obj-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-delobj: delobj ====== Delete an existing stateful object. :attribute-set: :ref:`nftables-attribute-set-obj-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroyobj: destroyobj ========== Delete an existing stateful object with destroy semantics. :attribute-set: :ref:`nftables-attribute-set-obj-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-newflowtable: newflowtable ============ Create a new flow table. :attribute-set: :ref:`nftables-attribute-set-flowtable-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-getflowtable: getflowtable ============ Get / dump flow tables. :attribute-set: :ref:`nftables-attribute-set-flowtable-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] **reply** :attributes: [``name``] .. _nftables-operation-delflowtable: delflowtable ============ Delete an existing flow table. :attribute-set: :ref:`nftables-attribute-set-flowtable-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] .. _nftables-operation-destroyflowtable: destroyflowtable ================ Delete an existing flow table with destroy semantics. :attribute-set: :ref:`nftables-attribute-set-flowtable-attrs` :fixed-header: :ref:`nftables-definition-nfgenmsg` :do: **request** :attributes: [``name``] ---------------- Multicast groups ---------------- - mgmt ----------- Definitions ----------- .. _nftables-definition-nfgenmsg: nfgenmsg ======== :type: struct :members: :nfgen-family (``u8``): :version (``u8``): :res-id (``u16``): .. _nftables-definition-meta-keys: meta-keys ========= :type: enum :entries: - ``len`` - ``protocol`` - ``priority`` - ``mark`` - ``iif`` - ``oif`` - ``iifname`` - ``oifname`` - ``iftype`` - ``oiftype`` - ``skuid`` - ``skgid`` - ``nftrace`` - ``rtclassid`` - ``secmark`` - ``nfproto`` - ``l4-proto`` - ``bri-iifname`` - ``bri-oifname`` - ``pkttype`` - ``cpu`` - ``iifgroup`` - ``oifgroup`` - ``cgroup`` - ``prandom`` - ``secpath`` - ``iifkind`` - ``oifkind`` - ``bri-iifpvid`` - ``bri-iifvproto`` - ``time-ns`` - ``time-day`` - ``time-hour`` - ``sdif`` - ``sdifname`` - ``bri-broute`` .. _nftables-definition-cmp-ops: cmp-ops ======= :type: enum :entries: - ``eq`` - ``neq`` - ``lt`` - ``lte`` - ``gt`` - ``gte`` .. _nftables-definition-object-type: object-type =========== :type: enum :entries: - ``unspec`` - ``counter`` - ``quota`` - ``ct-helper`` - ``limit`` - ``connlimit`` - ``tunnel`` - ``ct-timeout`` - ``secmark`` - ``ct-expect`` - ``synproxy`` .. _nftables-definition-nat-range-flags: nat-range-flags =============== :type: flags :entries: - ``map-ips`` - ``proto-specified`` - ``proto-random`` - ``persistent`` - ``proto-random-fully`` - ``proto-offset`` - ``netmap`` .. _nftables-definition-table-flags: table-flags =========== :type: flags :entries: - ``dormant`` - ``owner`` - ``persist`` .. _nftables-definition-chain-flags: chain-flags =========== :type: flags :entries: - ``base`` - ``hw-offload`` - ``binding`` .. _nftables-definition-set-flags: set-flags ========= :type: flags :entries: - ``anonymous`` - ``constant`` - ``interval`` - ``map`` - ``timeout`` - ``eval`` - ``object`` - ``concat`` - ``expr`` -------------- Attribute sets -------------- .. _nftables-attribute-set-empty-attrs: empty-attrs =========== name (``string``) ~~~~~~~~~~~~~~~~~ .. _nftables-attribute-set-batch-attrs: batch-attrs =========== genid (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian .. _nftables-attribute-set-table-attrs: table-attrs =========== name (``string``) ~~~~~~~~~~~~~~~~~ :doc: name of the table flags (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: bitmask of flags :enum: :ref:`nftables-definition-table-flags` :enum-as-flags: True use (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian :doc: number of chains in this table handle (``u64``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: numeric handle of the table userdata (``binary``) ~~~~~~~~~~~~~~~~~~~~~ :doc: user data .. _nftables-attribute-set-chain-attrs: chain-attrs =========== table (``string``) ~~~~~~~~~~~~~~~~~~ :doc: name of the table containing the chain handle (``u64``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: numeric handle of the chain name (``string``) ~~~~~~~~~~~~~~~~~ :doc: name of the chain hook (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-nft-hook-attrs` :doc: hook specification for basechains policy (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: numeric policy of the chain use (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian :doc: number of references to this chain type (``string``) ~~~~~~~~~~~~~~~~~ :doc: type name of the chain counters (``nest``) ~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-nft-counter-attrs` :doc: counter specification of the chain flags (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: chain flags :enum: :ref:`nftables-definition-chain-flags` :enum-as-flags: True id (``u32``) ~~~~~~~~~~~~ :byte-order: big-endian :doc: uniquely identifies a chain in a transaction userdata (``binary``) ~~~~~~~~~~~~~~~~~~~~~ :doc: user data .. _nftables-attribute-set-counter-attrs: counter-attrs ============= bytes (``u64``) ~~~~~~~~~~~~~~~ :byte-order: big-endian packets (``u64``) ~~~~~~~~~~~~~~~~~ :byte-order: big-endian pad (``pad``) ~~~~~~~~~~~~~ .. _nftables-attribute-set-nft-hook-attrs: nft-hook-attrs ============== num (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian priority (``s32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian dev (``string``) ~~~~~~~~~~~~~~~~ :doc: net device name devs (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-hook-dev-attrs` :doc: list of net devices .. _nftables-attribute-set-hook-dev-attrs: hook-dev-attrs ============== name (``string``) ~~~~~~~~~~~~~~~~~ :multi-attr: True .. _nftables-attribute-set-nft-counter-attrs: nft-counter-attrs ================= bytes (``u64``) ~~~~~~~~~~~~~~~ packets (``u64``) ~~~~~~~~~~~~~~~~~ .. _nftables-attribute-set-rule-attrs: rule-attrs ========== table (``string``) ~~~~~~~~~~~~~~~~~~ :doc: name of the table containing the rule chain (``string``) ~~~~~~~~~~~~~~~~~~ :doc: name of the chain containing the rule handle (``u64``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: numeric handle of the rule expressions (``nest``) ~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-expr-list-attrs` :doc: list of expressions compat (``nest``) ~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-rule-compat-attrs` :doc: compatibility specifications of the rule position (``u64``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: numeric handle of the previous rule userdata (``binary``) ~~~~~~~~~~~~~~~~~~~~~ :doc: user data id (``u32``) ~~~~~~~~~~~~ :doc: uniquely identifies a rule in a transaction position-id (``u32``) ~~~~~~~~~~~~~~~~~~~~~ :doc: transaction unique identifier of the previous rule chain-id (``u32``) ~~~~~~~~~~~~~~~~~~ :doc: add the rule to chain by ID, alternative to chain name .. _nftables-attribute-set-expr-list-attrs: expr-list-attrs =============== elem (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-expr-attrs` :multi-attr: True .. _nftables-attribute-set-expr-attrs: expr-attrs ========== name (``string``) ~~~~~~~~~~~~~~~~~ :doc: name of the expression type data (``sub-message``) ~~~~~~~~~~~~~~~~~~~~~~ :sub-message: :ref:`nftables-sub-message-expr-ops` :selector: name :doc: type specific data .. _nftables-attribute-set-rule-compat-attrs: rule-compat-attrs ================= proto (``binary``) ~~~~~~~~~~~~~~~~~~ :doc: numeric value of the handled protocol flags (``binary``) ~~~~~~~~~~~~~~~~~~ :doc: bitmask of flags .. _nftables-attribute-set-set-attrs: set-attrs ========= table (``string``) ~~~~~~~~~~~~~~~~~~ :doc: table name name (``string``) ~~~~~~~~~~~~~~~~~ :doc: set name flags (``u32``) ~~~~~~~~~~~~~~~ :enum: :ref:`nftables-definition-set-flags` :byte-order: big-endian :doc: bitmask of enum nft_set_flags key-type (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: key data type, informational purpose only key-len (``u32``) ~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: key data length data-type (``u32``) ~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: mapping data type data-len (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: mapping data length policy (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: selection policy desc (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-set-desc-attrs` :doc: set description id (``u32``) ~~~~~~~~~~~~ :doc: uniquely identifies a set in a transaction timeout (``u64``) ~~~~~~~~~~~~~~~~~ :doc: default timeout value gc-interval (``u32``) ~~~~~~~~~~~~~~~~~~~~~ :doc: garbage collection interval userdata (``binary``) ~~~~~~~~~~~~~~~~~~~~~ :doc: user data pad (``pad``) ~~~~~~~~~~~~~ obj-type (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: stateful object type handle (``u64``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: set handle expr (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-expr-attrs` :doc: set expression :multi-attr: True expressions (``nest``) ~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-set-list-attrs` :doc: list of expressions .. _nftables-attribute-set-set-desc-attrs: set-desc-attrs ============== size (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian :doc: number of elements in set concat (``nest``) ~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-set-desc-concat-attrs` :doc: description of field concatenation :multi-attr: True .. _nftables-attribute-set-set-desc-concat-attrs: set-desc-concat-attrs ===================== elem (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-set-field-attrs` .. _nftables-attribute-set-set-field-attrs: set-field-attrs =============== len (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian .. _nftables-attribute-set-set-list-attrs: set-list-attrs ============== elem (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-expr-attrs` :multi-attr: True .. _nftables-attribute-set-setelem-attrs: setelem-attrs ============= key (``nest``) ~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-data-attrs` :doc: key value data (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-data-attrs` :doc: data value of mapping flags (``binary``) ~~~~~~~~~~~~~~~~~~ :doc: bitmask of nft_set_elem_flags timeout (``u64``) ~~~~~~~~~~~~~~~~~ :doc: timeout value expiration (``u64``) ~~~~~~~~~~~~~~~~~~~~ :doc: expiration time userdata (``binary``) ~~~~~~~~~~~~~~~~~~~~~ :doc: user data expr (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-expr-attrs` :doc: expression objref (``string``) ~~~~~~~~~~~~~~~~~~~ :doc: stateful object reference key-end (``nest``) ~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-data-attrs` :doc: closing key value expressions (``nest``) ~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-expr-list-attrs` :doc: list of expressions .. _nftables-attribute-set-setelem-list-elem-attrs: setelem-list-elem-attrs ======================= elem (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-setelem-attrs` :multi-attr: True .. _nftables-attribute-set-setelem-list-attrs: setelem-list-attrs ================== table (``string``) ~~~~~~~~~~~~~~~~~~ set (``string``) ~~~~~~~~~~~~~~~~ elements (``nest``) ~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-setelem-list-elem-attrs` set-id (``u32``) ~~~~~~~~~~~~~~~~ .. _nftables-attribute-set-gen-attrs: gen-attrs ========= id (``u32``) ~~~~~~~~~~~~ :byte-order: big-endian :doc: ruleset generation id proc-pid (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian proc-name (``string``) ~~~~~~~~~~~~~~~~~~~~~~ .. _nftables-attribute-set-obj-attrs: obj-attrs ========= table (``string``) ~~~~~~~~~~~~~~~~~~ :doc: name of the table containing the expression name (``string``) ~~~~~~~~~~~~~~~~~ :doc: name of this expression type type (``u32``) ~~~~~~~~~~~~~~ :enum: :ref:`nftables-definition-object-type` :byte-order: big-endian :doc: stateful object type data (``sub-message``) ~~~~~~~~~~~~~~~~~~~~~~ :sub-message: :ref:`nftables-sub-message-obj-data` :selector: type :doc: stateful object data use (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian :doc: number of references to this expression handle (``u64``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: object handle pad (``pad``) ~~~~~~~~~~~~~ userdata (``binary``) ~~~~~~~~~~~~~~~~~~~~~ :doc: user data .. _nftables-attribute-set-quota-attrs: quota-attrs =========== bytes (``u64``) ~~~~~~~~~~~~~~~ :byte-order: big-endian flags (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian pad (``pad``) ~~~~~~~~~~~~~ consumed (``u64``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian .. _nftables-attribute-set-flowtable-attrs: flowtable-attrs =============== table (``string``) ~~~~~~~~~~~~~~~~~~ name (``string``) ~~~~~~~~~~~~~~~~~ hook (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-flowtable-hook-attrs` use (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian handle (``u64``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian pad (``pad``) ~~~~~~~~~~~~~ flags (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian .. _nftables-attribute-set-flowtable-hook-attrs: flowtable-hook-attrs ==================== num (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian priority (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian devs (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-hook-dev-attrs` .. _nftables-attribute-set-expr-cmp-attrs: expr-cmp-attrs ============== sreg (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian op (``u32``) ~~~~~~~~~~~~ :byte-order: big-endian :enum: :ref:`nftables-definition-cmp-ops` data (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-data-attrs` .. _nftables-attribute-set-data-attrs: data-attrs ========== value (``binary``) ~~~~~~~~~~~~~~~~~~ verdict (``nest``) ~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-verdict-attrs` .. _nftables-attribute-set-verdict-attrs: verdict-attrs ============= code (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian chain (``string``) ~~~~~~~~~~~~~~~~~~ chain-id (``u32``) ~~~~~~~~~~~~~~~~~~ .. _nftables-attribute-set-expr-counter-attrs: expr-counter-attrs ================== bytes (``u64``) ~~~~~~~~~~~~~~~ :doc: Number of bytes packets (``u64``) ~~~~~~~~~~~~~~~~~ :doc: Number of packets pad (``pad``) ~~~~~~~~~~~~~ .. _nftables-attribute-set-expr-flow-offload-attrs: expr-flow-offload-attrs ======================= name (``string``) ~~~~~~~~~~~~~~~~~ :doc: Flow offload table name .. _nftables-attribute-set-expr-immediate-attrs: expr-immediate-attrs ==================== dreg (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian data (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`nftables-attribute-set-data-attrs` .. _nftables-attribute-set-expr-meta-attrs: expr-meta-attrs =============== dreg (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian key (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian :enum: :ref:`nftables-definition-meta-keys` sreg (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian .. _nftables-attribute-set-expr-nat-attrs: expr-nat-attrs ============== type (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian family (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian reg-addr-min (``u32``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian reg-addr-max (``u32``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian reg-proto-min (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian reg-proto-max (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian flags (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian :enum: :ref:`nftables-definition-nat-range-flags` :enum-as-flags: True .. _nftables-attribute-set-expr-payload-attrs: expr-payload-attrs ================== dreg (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian base (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian offset (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian len (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian sreg (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian csum-type (``u32``) ~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian csum-offset (``u32``) ~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian csum-flags (``u32``) ~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian .. _nftables-attribute-set-expr-tproxy-attrs: expr-tproxy-attrs ================= family (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian reg-addr (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian reg-port (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian ------------ Sub-messages ------------ .. _nftables-sub-message-expr-ops: expr-ops ======== - **bitwise** - **cmp** :attribute-set: :ref:`nftables-attribute-set-expr-cmp-attrs` - **counter** :attribute-set: :ref:`nftables-attribute-set-expr-counter-attrs` - **ct** - **flow_offload** :attribute-set: :ref:`nftables-attribute-set-expr-flow-offload-attrs` - **immediate** :attribute-set: :ref:`nftables-attribute-set-expr-immediate-attrs` - **lookup** - **meta** :attribute-set: :ref:`nftables-attribute-set-expr-meta-attrs` - **nat** :attribute-set: :ref:`nftables-attribute-set-expr-nat-attrs` - **payload** :attribute-set: :ref:`nftables-attribute-set-expr-payload-attrs` - **tproxy** :attribute-set: :ref:`nftables-attribute-set-expr-tproxy-attrs` .. _nftables-sub-message-obj-data: obj-data ======== - **counter** :attribute-set: :ref:`nftables-attribute-set-counter-attrs` - **quota** :attribute-set: :ref:`nftables-attribute-set-quota-attrs`