"nft list ruleset" currently omits things it does not understand and that it cannot represent in any other way. This includes: 1. expression is unknown 2. expression is known (e.g. "cmp"), but attr contains unexpected value 3. expression is known but there is an unknown netlink attr contained in the dump If backend (libnftl) could mark expressions as incomplete (from .parse callbacks?), it would be then possible for the frontend (nft) to document this, e.g. by adding something like "# unknown attributes", or similar. This is mainly needed for container environments, where host environment might be using a lot older version than what is used by a specific container image. Related problem: entity that is using the raw netlink interface, it that case libnftnl might be able to parse everything but nft could lack the ability to properly print this. If noone has any objections, I would place this on my todo list and start with adding to libnftnl the needed "expression is incomplete" marking by extending the .parse callbacks.
