doc: fib: explain example in more detail

As noted by Felix Dreissig, fib documentation is quite terse, so explain the 'saddr . iif' example with a few more words. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1220 Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2019-07-21 12:43:05 +0200
committer: Florian Westphal <fw@strlen.de> 2019-07-22 11:39:29 +0200
commit: 47a81d90a780269710266c2669388fb827ee5a0e (patch)
tree: a68b9ed5b5c8a7b12c86fb1c5aed7ca4225fde70 /doc
parent: 1b29e369e88f32c4275141d9c5ab3652e56a5387 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 6eb9583a..34bcf2d3 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -274,6 +274,12 @@ fib_addrtype
 # drop packets without a reverse path
 filter prerouting fib saddr . iif oif missing drop
 
+In this example, 'saddr . iif' looks up routing information based on the source address and the input interface.
+oif picks the output interface index from the routing information.
+If no route was found for the source address/input interface combination, the output interface index is zero.
+In case the input interface is specified as part of the input key, the output interface index is always the same as the input interface index or zero.
+If only 'saddr oif' is given, then oif can be any interface index or zero.
+
 # drop packets to address not configured on ininterface
 filter prerouting fib daddr . iif type != { local, broadcast, multicast } drop
author	Florian Westphal <fw@strlen.de>	2019-07-21 12:43:05 +0200
committer	Florian Westphal <fw@strlen.de>	2019-07-22 11:39:29 +0200
commit	47a81d90a780269710266c2669388fb827ee5a0e (patch)
tree	a68b9ed5b5c8a7b12c86fb1c5aed7ca4225fde70 /doc
parent	1b29e369e88f32c4275141d9c5ab3652e56a5387 (diff)