New enums/flags: - payload-base - range-ops - registers - numgen-types - log-level - log-flags Added missing enumerations: - bitwise-ops Annotated with a doc comment: - bitwise-ops Signed-off-by: Remy D. Farley --- Documentation/netlink/specs/nftables.yaml | 147 +++++++++++++++++++++- 1 file changed, 144 insertions(+), 3 deletions(-) diff --git a/Documentation/netlink/specs/nftables.yaml b/Documentation/netlink/specs/nftables.yaml index cce88819b..e0c25af1d 100644 --- a/Documentation/netlink/specs/nftables.yaml +++ b/Documentation/netlink/specs/nftables.yaml @@ -66,9 +66,23 @@ definitions: name: bitwise-ops type: enum entries: - - bool - - lshift - - rshift + - + name: mask-xor # aka bool (old name) + doc: | + mask-and-xor operation used to implement NOT, AND, OR and XOR + dreg = (sreg & mask) ^ xor + with these mask and xor values: + mask xor + NOT: 1 1 + OR: ~x x + XOR: 1 x + AND: x 0 + # Spinx docutils display warning when interleaving attrsets with strings + - name: lshift + - name: rshift + - name: and + - name: or + - name: xor - name: cmp-ops type: enum @@ -132,6 +146,12 @@ definitions: - object - concat - expr + - + name: set-elem-flags + type: flags + entries: + - interval-end + - catchall - name: lookup-flags type: flags @@ -225,6 +245,127 @@ definitions: - icmp-unreach - tcp-rst - icmpx-unreach + - + name: reject-inet-code + doc: These codes are mapped to real ICMP and ICMPv6 codes. + type: enum + entries: + - icmpx-no-route + - icmpx-port-unreach + - icmpx-host-unreach + - icmpx-admin-prohibited + - + name: payload-base + type: enum + entries: + - link-layer-header + - network-header + - transport-header + - inner-header + - tun-header + - + name: range-ops + doc: Range operator + type: enum + entries: + - eq + - neq + - + name: registers + doc: | + nf_tables registers. + nf_tables used to have five registers: a verdict register and four data + registers of size 16. The data registers have been changed to 16 registers + of size 4. For compatibility reasons, the NFT_REG_[1-4] registers still + map to areas of size 16, the 4 byte registers are addressed using + NFT_REG32_00 - NFT_REG32_15. + type: enum + entries: + # Spinx docutils display warning when interleaving attrsets and strings + - name: reg-verdict + - name: reg-1 + - name: reg-2 + - name: reg-3 + - name: reg-4 + - name: reg32-00 + value: 8 + - name: reg32-01 + - name: reg32-02 + - name: reg32-03 + - name: reg32-04 + - name: reg32-05 + - name: reg32-06 + - name: reg32-07 + - name: reg32-08 + - name: reg32-09 + - name: reg32-10 + - name: reg32-11 + - name: reg32-12 + - name: reg32-13 + - name: reg32-14 + - name: reg32-15 + - + name: numgen-types + type: enum + entries: + - incremental + - random + - + name: log-level + doc: nf_tables log levels + type: enum + entries: + - + name: emerg + doc: system is unusable + - + name: alert + doc: action must be taken immediately + - + name: crit + doc: critical conditions + - + name: err + doc: error conditions + - + name: warning + doc: warning conditions + - + name: notice + doc: normal but significant condition + - + name: info + doc: informational + - + name: debug + doc: debug-level messages + - + name: audit + doc: enabling audit logging + - + name: log-flags + doc: nf_tables log flags + header: linux/netfilter/nf_log.h + type: flags + entries: + - + name: tcpseq + doc: Log TCP sequence numbers + - + name: tcpopt + doc: Log TCP options + - + name: ipopt + doc: Log IP options + - + name: uid + doc: Log UID owning local socket + - + name: nflog + doc: Unsupported, don't reuse + - + name: macdecode + doc: Decode MAC header attribute-sets: - -- 2.50.1