Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?

Hey Kerin,

Do you mind if I ask a follow up question?

I gave the two rules you listed some more thought, and I still puzzle over a small detail:

It seems the tuple can change the meaning of the type value? For example, "fib daddr type local" matches packets destined to any local interface, so "local" means local to the host, whereas "daddr . iif type local" matches packets destined to the interface they arrive at, so "local" means local to the iif. I thought the type value’s meaning was absolute?

I also checked man ip route, and it described the local route type as

> the destinations are assigned to this host. The packets are looped back and delivered locally.

So it seems "daddr . iif" now changes it to "the destinations are assigned to the incoming interface". Are there other values that can have different meanings for different tuples?

> On Apr 29, 2023, at 4:57 PM, Kerin Millar <kfm@xxxxxxxxxxxxx> wrote:
> 
> On Sat, 29 Apr 2023 16:49:48 +0800
> Glen Huang <heyhgl@xxxxxxxxx> wrote:
> 
>>> that are also assigned to the interface at which any given packet arrives.
>> 
>> This solved my issue. Thank you so much Kerin!
>> 
>> I actually never understood the meaning of daddr . iif, but thanks to your detailed explanation, it now clicked.
>> 
>> (Previous mail somehow got rejected, resending it)
> 
> It seems that they both arrived. In any case, I'm glad that it helped.
> 
> -- 
> Kerin Millar




