New attribute sets: - log-attrs - numgen-attrs - range-attrs - compat-target-attrs - compat-match-attrs - compat-attrs Added missing attributes: - table-attrs (pad, owner) - set-attrs (type, count) Added missing checks: - range-attrs - expr-bitwise-attrs - compat-target-attrs - compat-match-attrs - compat-attrs Annotated with a doc comment or an enum: - batch-attrs - verdict-attrs - expr-payload-attrs Fixed byte order: - nft-counter-attrs - expr-counter-attrs - rule-compat-attrs Signed-off-by: Remy D. Farley
---
Documentation/netlink/specs/nftables.yaml | 208 +++++++++++++++++++++-
1 file changed, 203 insertions(+), 5 deletions(-)
diff --git a/Documentation/netlink/specs/nftables.yaml b/Documentation/netlink/specs/nftables.yaml
index e0c25af1d..01f44da90 100644
--- a/Documentation/netlink/specs/nftables.yaml
+++ b/Documentation/netlink/specs/nftables.yaml
@@ -369,16 +369,100 @@ definitions: attribute-sets: - - name: empty-attrs + name: log-attrs + doc: log expression netlink attributes attributes: + # Mentioned in nft_log_init() - - name: name + name: group + doc: netlink group to send messages to + type: u16 + byte-order: big-endian + - + name: prefix + doc: prefix to prepend to log messages type: string + - + name: snaplen + doc: length of payload to include in netlink message + type: u32 + byte-order: big-endian + - + name: qthreshold + doc: queue threshold + type: u16 + byte-order: big-endian + - + name: level + doc: log level + type: u32 + enum: log-level + byte-order: big-endian + - + name: flags + doc: logging flags + type: u32 + enum: log-flags + byte-order: big-endian + - + name: numgen-attrs + doc: nf_tables number generator expression netlink attributes + attributes: + - + name: dreg + doc: destination register + type: u32 + enum: registers + - + name: modulus + doc: maximum counter value + type: u32 + byte-order: big-endian + - + name: type + doc: operation type + type: u32 + byte-order: big-endian + enum: numgen-types + - + name: offset + doc: offset to be added to the counter + type: u32 + byte-order: big-endian + - + name: range-attrs + attributes: + # Mentioned in net/netfilter/nft_range.c + - + name: sreg + doc: source register of data to compare + type: u32 + byte-order: big-endian + enum: registers + - + name: op + doc: cmp operation + type: u32 + byte-order: big-endian + enum: range-ops + checks: + max: 256 + - + name: from-data + doc: data range from + type: nest + nested-attributes: data-attrs + - + name: to-data + doc: data range to + type: nest + nested-attributes: data-attrs - name: batch-attrs attributes: - name: genid + doc: generation ID for this changeset type: u32 byte-order: big-endian - 
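Review bot: In numgen-attrs, `dreg` is declared `type: u32` with `enum: registers` but without `byte-order: big-endian`, while `sreg` in range-attrs and every other multi-byte integer added in this hunk carries it; a client generated from this spec would encode the register in host order on little-endian machines, so add `byte-order: big-endian` there. In range-attrs, `op` gets `checks:` with `max: 256`, whereas the bitwise `op` in this same patch uses `max: 255`; 256 looks like an off-by-one and should be confirmed against the policy in net/netfilter/nft_range.c. range-attrs is also the only new set here without a set-level `doc:` line. The attribute-sets list starts before this hunk and batch-attrs continues past it.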
@@ -405,10 +489,18 @@ attribute-sets: type: u64 byte-order: big-endian doc: numeric handle of the table + - + name: pad + type: pad - name: userdata type: binary doc: user data + - + name: owner + type: u32 + byte-order: big-endian + doc: owner of this table through netlink portID - name: chain-attrs attributes: @@ -512,9 +604,11 @@ attribute-sets: - name: bytes type: u64 + byte-order: big-endian - name: packets type: u64 + byte-order: big-endian - name: rule-attrs attributes: @@ -584,15 +678,18 @@ attribute-sets: selector: name doc: type specific data - + # Mentioned in nft_parse_compat() in net/netfilter/nft_compat.c name: rule-compat-attrs attributes: - name: proto - type: binary + type: u32 + byte-order: big-endian doc: numeric value of the handled protocol - name: flags - type: binary + type: u32 + byte-order: big-endian doc: bitmask of flags - name: set-attrs @@ -681,6 +778,15 @@ attribute-sets: type: nest nested-attributes: set-list-attrs doc: list of expressions + - + name: type + type: string + doc: set backend type + - + name: count + type: u32 + byte-order: big-endian + doc: number of set elements - name: set-desc-attrs attributes: @@ -934,6 +1040,8 @@ attribute-sets: type: u32 byte-order: big-endian enum: bitwise-ops + checks: + max: 255 - name: data type: nest @@ -970,25 +1078,31 @@ attribute-sets: attributes: - name: code + doc: nf_tables verdict type: u32 byte-order: big-endian enum: verdict-code - name: chain + doc: jump target chain name type: string - name: chain-id + doc: jump target chain ID type: u32 + byte-order: big-endian - name: expr-counter-attrs attributes: - name: bytes type: u64 + byte-order: big-endian doc: Number of bytes - name: packets type: u64 + byte-order: big-endian doc: Number of packets - name: pad @@ -1056,7 +1170,7 @@ attribute-sets: type: string doc: Name of set to use - - name: set id + name: set-id type: u32 byte-order: big-endian doc: ID of set to use 
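Review bot: The new `type` and `count` attributes in set-attrs (hunk at -681) are documented like ordinary fields, with nothing saying whether userspace may send them. If the kernel only reports them in dumps and rejects them on input, which I believe is how the set policy treats them (please confirm in net/netfilter/nf_tables_api.c), the docs should say so, e.g. `doc: set backend type (kernel to userspace only)` and `doc: number of set elements (kernel to userspace only)`. set-attrs starts before this hunk, so the rest of the set is not visible here.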
@@ -1073,6 +1187,25 @@ attribute-sets: type: u32 byte-order: big-endian enum: lookup-flags + - + name: expr-masq-attrs + attributes: + - + name: flags + type: u32 + byte-order: big-endian + enum: nat-range-flags + enum-as-flags: true + - + name: reg-proto-min + type: u32 + byte-order: big-endian + enum: registers + - + name: reg-proto-max + type: u32 + byte-order: big-endian + enum: registers - name: expr-meta-attrs attributes: @@ -1124,37 +1257,49 @@ attribute-sets: enum-as-flags: true - name: expr-payload-attrs + doc: nf_tables payload expression netlink attributes attributes: - name: dreg + doc: destination register to load data into type: u32 byte-order: big-endian + enum: registers - name: base + doc: payload base type: u32 + enum: payload-base byte-order: big-endian - name: offset + doc: payload offset relative to base type: u32 byte-order: big-endian - name: len + doc: payload length type: u32 byte-order: big-endian - name: sreg + doc: source register to load data from type: u32 byte-order: big-endian + enum: registers - name: csum-type + doc: checksum type type: u32 byte-order: big-endian - name: csum-offset + doc: checksum offset relative to base type: u32 byte-order: big-endian - name: csum-flags + doc: checksum flags type: u32 byte-order: big-endian - 
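Review bot: expr-masq-attrs (hunk at -1073) is added without any `doc:` lines and is not listed under "New attribute sets" in the commit message, unlike the other sets this patch introduces. Suggested docs: `doc: NAT flags` on `flags`, `doc: source register of proto range start` on `reg-proto-min`, and `doc: source register of proto range end` on `reg-proto-max`. Whether `nat-range-flags` is defined and whether an expression sub-message references the new set cannot be seen from this hunk.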
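Review bot: In expr-payload-attrs (hunk at -1124) the added `doc:` and `enum:` lines leave `len`, `offset` and `csum-offset` without any `checks:`, although this patch mirrors kernel policy bounds elsewhere (`max: 255` on the bitwise `op`). If nft_payload_policy bounds any of these, add the matching `checks:` with `max:` so generated clients reject out-of-range values before they reach the kernel. `csum-type` also gets a doc but no `enum:`, unlike `base`. Minor style: `base` puts `enum:` before `byte-order:`, the reverse of `type` in numgen-attrs and of the range-attrs and expr-masq-attrs entries added elsewhere in this patch.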
@@ -1220,6 +1365,59 @@ attribute-sets: type: u32 byte-order: big-endian doc: id of object map + - + name: compat-target-attrs + header: linux/netfilter/nf_tables_compat.h + attributes: + - + name: name + type: string + checks: + max-len: 32 + - + name: rev + type: u32 + byte-order: big-endian + - + name: info + type: binary + - + name: compat-match-attrs + header: linux/netfilter/nf_tables_compat.h + attributes: + - + name: name + type: string + checks: + max-len: 32 + - + name: rev + type: u32 + byte-order: big-endian + checks: + max: 255 + - + name: info + type: binary + - + name: compat-attrs + header: linux/netfilter/nf_tables_compat.h + attributes: + - + name: name + type: string + checks: + max-len: 32 + - + name: rev + type: u32 + byte-order: big-endian + checks: + max: 255 + - + name: type + type: u32 + byte-order: big-endian sub-messages: - -- 2.50.1
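Review bot: In compat-target-attrs, `rev` has no `checks:` while the identical `rev` attribute in compat-match-attrs and compat-attrs gets `max: 255`; unless the target policy in net/netfilter/nft_compat.c really differs, add `checks:` with `max: 255` there too. The `max-len: 32` on the three `name` strings should be checked against the kernel limit: if the policy length is the name buffer size minus one for the terminator, the spec value would be 31. None of the three sets or their attributes has a `doc:` line, which the rest of the patch adds for other sets.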