From 47a81d90a780269710266c2669388fb827ee5a0e Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Sun, 21 Jul 2019 12:43:05 +0200
Subject: doc: fib: explain example in more detail

As noted by Felix Dreissig, fib documentation is quite terse, so explain
the 'saddr . iif' example with a few more words.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1220
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 doc/primary-expression.txt | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'doc')

diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 6eb9583a..34bcf2d3 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -274,6 +274,12 @@ fib_addrtype
 # drop packets without a reverse path
 filter prerouting fib saddr . iif oif missing drop
 
+In this example, 'saddr . iif' looks up routing information based on the source address and the input interface.
+oif picks the output interface index from the routing information.
+If no route was found for the source address/input interface combination, the output interface index is zero.
+In case the input interface is specified as part of the input key, the output interface index is always the same as the input interface index or zero.
+If only 'saddr oif' is given, then oif can be any interface index or zero.
+
 # drop packets to address not configured on ininterface
 filter prerouting fib daddr . iif type != { local, broadcast, multicast } drop
 
-- 
cgit v1.2.3