ip rule suppress_prefixlength

[Matthias Peter Walther]

Hello Valdis,

thanks for your reply. You're right, table 42 can't route a package,
because the default route is suppressed.

But from what I understand, if table 42 (and so ip rule 32765) doesn't
fit on the package, the next rule (32766) is called and the package
should be routed based on the main table, which has a default route
(default via 5.9.86.151 dev eth0).

Maybe you're right, and I misunderstood the concept here. Could you
explain the second part to me again? Why isn't the package switched back
to the main routing table, like rule 32766 says.

Regards,
Matthias

On 31.10.2016 23:24, Valdis.Kletnieks at vt.edu wrote:
> On Sun, 30 Oct 2016 12:25:50 +0100, Matthias Peter Walther said:
>
>> root at des1 ~ # ip rule
>> 0:    from all lookup local
>> 32765:    from all iif lo lookup ffnet suppress_prefixlength 0
>> 32766:    from all lookup main
>> 32767:    from all lookup default
>> (ffnet is table 42)
>> root at des1 ~ # ip r s
>> default via 5.9.86.151 dev eth0
>> 5.9.86.151 dev eth0  proto kernel  scope link  src 5.9.86.144
>> root at des1 ~ # ip r s t 42
>> blackhole default
>> Let's say I want to ping 8.8.8.8. What I expect is, that the package is
>> put into routing table 42 by the ip rule 32765. As there is no more
>> specific route for 8.8.8.8 than the default route in table 42, I expect
>> the suppress_prefixlength 0 option to put it back to the default routing
>> table and then to be send out through eth0.
> Note your table 42 is a blackhole.  I suspect that using 'suppress_prefixlength
> 0' is acting differently than you expect - you've told it to use table 42 which
> has only a blackhole, and when it suppresses that route, there is no *other*
> route in table 42 to select - leaving you with a 'no route' situation.  I don't
> think it's supposed to make the 'lookup ffnet' part go away, only entries *IN*
> that table that are longer than specified (which for 0 means "all of them").
>