doc/netlink: nftables: Fill out operation attributes

author Remy D. Farley <one-d-wide@protonmail.com>

Tue, 3 Mar 2026 20:00:12 +0000 (20:00 +0000)

committer Jakub Kicinski <kuba@kernel.org>

Fri, 6 Mar 2026 02:49:08 +0000 (18:49 -0800)
author Remy D. Farley <one-d-wide@protonmail.com>
Tue, 3 Mar 2026 20:00:12 +0000 (20:00 +0000)
committer Jakub Kicinski <kuba@kernel.org>
Fri, 6 Mar 2026 02:49:08 +0000 (18:49 -0800)
diff --git a/Documentation/netlink/specs/nftables.yaml b/Documentation/netlink/specs/nftables.yaml

index 086b16b12b0f3d88ab99b9ca1776336a8a051f46..21edf3d25f34bcff1a7ad993177125aee14a792a 100644 (file)
--- a/Documentation/netlink/specs/nftables.yaml
+++ b/Documentation/netlink/specs/nftables.yaml
@@ -1568,7 +1568,10 @@ operations:
          request:
            value: 0xa00
            attributes:
+            # Mentioned in nf_tables_newtable()
              - name
+            - flags
+            - userdata
      -
        name: gettable
        doc: Get / dump tables.
@@ -1578,11 +1581,21 @@ operations:
          request:
            value: 0xa01
            attributes:
+            # Mentioned in nf_tables_gettable()
              - name
          reply:
            value: 0xa00
-          attributes:
+          attributes: &get-table
+            # Mentioned in nf_tables_fill_table_info()
              - name
+            - use
+            - handle
+            - flags
+            - owner
+            - userdata
+      dump:
+        reply:
+          attributes: *get-table
      -
        name: deltable
        doc: Delete an existing table.
@@ -1591,8 +1604,10 @@ operations:
        do:
          request:
            value: 0xa02
-          attributes:
+          attributes: &del-table
+            # Mentioned in nf_tables_deltable()
              - name
+            - handle
      -
        name: destroytable
        doc: |
@@ -1603,8 +1618,7 @@ operations:
        do:
          request:
            value: 0xa1a
-          attributes:
-            - name
+          attributes: *del-table
      -
        name: newchain
        doc: Create a new chain.
@@ -1614,7 +1628,19 @@ operations:
          request:
            value: 0xa03
            attributes:
+            # Mentioned in nf_tables_newchain()
+            - table
+            - handle
+            - policy
+            - flags
+            # Mentioned in nf_tables_updchain()
+            - hook
              - name
+            - counters
+            # Mentioned in nf_tables_addchain()
+            - userdata
+            # Mentioned in nft_chain_parse_hook()
+            - type
      -
        name: getchain
        doc: Get / dump chains.
@@ -1624,11 +1650,27 @@ operations:
          request:
            value: 0xa04
            attributes:
+            # Mentioned in nf_tables_getchain()
+            - table
              - name
          reply:
            value: 0xa03
-          attributes:
+          attributes: &get-chain
+            # Mentioned in nf_tables_fill_chain_info()
+            - table
              - name
+            - handle
+            - hook
+            - policy
+            - type
+            - flags
+            - counters
+            - id
+            - use
+            - userdata
+      dump:
+        reply:
+          attributes: *get-chain
      -
        name: delchain
        doc: Delete an existing chain.
@@ -1637,8 +1679,12 @@ operations:
        do:
          request:
            value: 0xa05
-          attributes:
+          attributes: &del-chain
+            # Mentioned in nf_tables_delchain()
+            - table
+            - handle
              - name
+            - hook
      -
        name: destroychain
        doc: |
@@ -1649,8 +1695,7 @@ operations:
        do:
          request:
            value: 0xa1b
-          attributes:
-            - name
+          attributes: *del-chain
      -
        name: newrule
        doc: Create a new rule.
@@ -1660,7 +1705,16 @@ operations:
          request:
            value: 0xa06
            attributes:
-            - name
+            # Mentioned in nf_tables_newrule()
+            - table
+            - chain
+            - chain-id
+            - handle
+            - position
+            - position-id
+            - expressions
+            - userdata
+            - compat
      -
        name: getrule
        doc: Get / dump rules.
@@ -1669,12 +1723,30 @@ operations:
        do:
          request:
            value: 0xa07
-          attributes:
-            - name
+          attributes: &get-rule-request
+            # Mentioned in nf_tables_getrule_single()
+            - table
+            - chain
+            - handle
          reply:
            value: 0xa06
+          attributes: &get-rule
+            # Mentioned in nf_tables_fill_rule_info()
+            - table
+            - chain
+            - handle
+            - position
+            - expressions
+            - userdata
+      dump:
+        request:
            attributes:
-            - name
+            # Mentioned in nf_tables_dump_rules_start()
+            - table
+            - chain
+        reply:
+          attributes: *get-rule
+
      -
        name: getrule-reset
        doc: Get / dump rules and reset stateful expressions.
@@ -1683,12 +1755,15 @@ operations:
        do:
          request:
            value: 0xa19
-          attributes:
-            - name
+          attributes: *get-rule-request
          reply:
            value: 0xa06
-          attributes:
-            - name
+          attributes: *get-rule
+      dump:
+        request:
+          attributes: *get-rule-request
+        reply:
+          attributes: *get-rule
      -
        name: delrule
        doc: Delete an existing rule.
@@ -1697,8 +1772,11 @@ operations:
        do:
          request:
            value: 0xa08
-          attributes:
-            - name
+          attributes: &del-rule
+            - table
+            - chain
+            - handle
+            - id
      -
        name: destroyrule
        doc: |
@@ -1708,8 +1786,7 @@ operations:
        do:
          request:
            value: 0xa1c
-          attributes:
-            - name
+          attributes: *del-rule
      -
        name: newset
        doc: Create a new set.
@@ -1719,7 +1796,21 @@ operations:
          request:
            value: 0xa09
            attributes:
+            # Mentioned in nf_tables_newset()
+            - table
              - name
+            - key-len
+            - id
+            - key-type
+            - flags
+            - data-type
+            - data-len
+            - obj-type
+            - timeout
+            - gc-interval
+            - policy
+            - desc
+            - userdata
      -
        name: getset
        doc: Get / dump sets.
@@ -1729,11 +1820,35 @@ operations:
          request:
            value: 0xa0a
            attributes:
+            # Mentioned in nf_tables_getset()
+            - table
              - name
          reply:
            value: 0xa09
-          attributes:
+          attributes: &get-set
+            # Mentioned in nf_tables_fill_set()
+            - table
              - name
+            - handle
+            - flags
+            - key-len
+            - key-type
+            - data-type
+            - data-len
+            - obj-type
+            - gc-interval
+            - policy
+            - userdata
+            - desc
+            - expr
+            - expressions
+      dump:
+        request:
+          attributes:
+            # Mentioned in nf_tables_getset()
+            - table
+        reply:
+          attributes: *get-set
      -
        name: delset
        doc: Delete an existing set.
@@ -1742,7 +1857,10 @@ operations:
        do:
          request:
            value: 0xa0b
-          attributes:
+          attributes: &del-set
+            # Mentioned in nf_tables_delset()
+            - table
+            - handle
              - name
      -
        name: destroyset
@@ -1753,8 +1871,7 @@ operations:
        do:
          request:
            value: 0xa1d
-          attributes:
-            - name
+          attributes: *del-set
      -
        name: newsetelem
        doc: Create a new set element.
@@ -1764,7 +1881,11 @@ operations:
          request:
            value: 0xa0c
            attributes:
-            - name
+            # Mentioned in nf_tables_newsetelem()
+            - table
+            - set
+            - set-id
+            - elements
      -
        name: getsetelem
        doc: Get / dump set elements.
@@ -1774,11 +1895,27 @@ operations:
          request:
            value: 0xa0d
            attributes:
-            - name
+            # Mentioned in nf_tables_getsetelem()
+            - table
+            - set
+            - elements
          reply:
            value: 0xa0c
            attributes:
-            - name
+            # Mentioned in nf_tables_fill_setelem_info()
+            - elements
+      dump:
+        request:
+          attributes: &dump-set-request
+            # Mentioned in nft_set_dump_ctx_init()
+            - table
+            - set
+        reply:
+          attributes: &dump-set
+            # Mentioned in nf_tables_dump_set()
+            - table
+            - set
+            - elements
      -
        name: getsetelem-reset
        doc: Get / dump set elements and reset stateful expressions.
@@ -1788,11 +1925,20 @@ operations:
          request:
            value: 0xa21
            attributes:
-            - name
+            # Mentioned in nf_tables_getsetelem_reset()
+            - elements
          reply:
            value: 0xa0c
            attributes:
-            - name
+            # Mentioned in nf_tables_dumpreset_set()
+            - table
+            - set
+            - elements
+      dump:
+        request:
+          attributes: *dump-set-request
+        reply:
+          attributes: *dump-set
      -
        name: delsetelem
        doc: Delete an existing set element.
@@ -1801,8 +1947,11 @@ operations:
        do:
          request:
            value: 0xa0e
-          attributes:
-            - name
+          attributes: &del-setelem
+            # Mentioned in nf_tables_delsetelem()
+            - table
+            - set
+            - elements
      -
        name: destroysetelem
        doc: Delete an existing set element with destroy semantics.
@@ -1811,8 +1960,7 @@ operations:
        do:
          request:
            value: 0xa1e
-          attributes:
-            - name
+          attributes: *del-setelem
      -
        name: getgen
        doc: Get / dump rule-set generation.
@@ -1821,12 +1969,16 @@ operations:
        do:
          request:
            value: 0xa10
-          attributes:
-            - name
          reply:
            value: 0xa0f
-          attributes:
-            - name
+          attributes: &get-gen
+            # Mentioned in nf_tables_fill_gen_info()
+            - id
+            - proc-pid
+            - proc-name
+      dump:
+        reply:
+          attributes: *get-gen
      -
        name: newobj
        doc: Create a new stateful object.
@@ -1836,7 +1988,12 @@ operations:
          request:
            value: 0xa12
            attributes:
+            # Mentioned in nf_tables_newobj()
+            - type
              - name
+            - data
+            - table
+            - userdata
      -
        name: getobj
        doc: Get / dump stateful objects.
@@ -1846,11 +2003,29 @@ operations:
          request:
            value: 0xa13
            attributes:
+            # Mentioned in nf_tables_getobj_single()
              - name
+            - type
+            - table
          reply:
            value: 0xa12
-          attributes:
+          attributes: &obj-info
+            # Mentioned in nf_tables_fill_obj_info()
+            - table
              - name
+            - type
+            - handle
+            - use
+            - data
+            - userdata
+      dump:
+        request:
+          attributes:
+            # Mentioned in nf_tables_dump_obj_start()
+            - table
+            - type
+        reply:
+          attributes: *obj-info
      -
        name: delobj
        doc: Delete an existing stateful object.
@@ -1860,7 +2035,11 @@ operations:
          request:
            value: 0xa14
            attributes:
+            # Mentioned in nf_tables_delobj()
+            - table
              - name
+            - type
+            - handle
      -
        name: destroyobj
        doc: Delete an existing stateful object with destroy semantics.
@@ -1870,7 +2049,11 @@ operations:
          request:
            value: 0xa1f
            attributes:
+            # Mentioned in nf_tables_delobj()
+            - table
              - name
+            - type
+            - handle
      -
        name: newflowtable
        doc: Create a new flow table.
@@ -1880,7 +2063,11 @@ operations:
          request:
            value: 0xa16
            attributes:
+            # Mentioned in nf_tables_newflowtable()
+            - table
              - name
+            - hook
+            - flags
      -
        name: getflowtable
        doc: Get / dump flow tables.
@@ -1890,11 +2077,22 @@ operations:
          request:
            value: 0xa17
            attributes:
+            # Mentioned in nf_tables_getflowtable()
              - name
+            - table
          reply:
            value: 0xa16
-          attributes:
+          attributes: &flowtable-info
+            # Mentioned in nf_tables_fill_flowtable_info()
+            - table
              - name
+            - handle
+            - use
+            - flags
+            - hook
+      dump:
+        reply:
+          attributes: *flowtable-info
      -
        name: delflowtable
        doc: Delete an existing flow table.
@@ -1903,8 +2101,12 @@ operations:
        do:
          request:
            value: 0xa18
-          attributes:
+          attributes: &del-flowtable
+            # Mentioned in nf_tables_delflowtable()
+            - table
              - name
+            - handle
+            - hook
      -
        name: destroyflowtable
        doc: Delete an existing flow table with destroy semantics.
@@ -1913,8 +2115,7 @@ operations:
        do:
          request:
            value: 0xa20
-          attributes:
-            - name
+          attributes: *del-flowtable
  
  mcast-groups:
    list:
author	Remy D. Farley <one-d-wide@protonmail.com>
	Tue, 3 Mar 2026 20:00:12 +0000 (20:00 +0000)
committer	Jakub Kicinski <kuba@kernel.org>
	Fri, 6 Mar 2026 02:49:08 +0000 (18:49 -0800)