ip xfrm

key words

Dir in, out, fwd difference

| security policy | syntax | meaning |
|---|---|---|
| output policy | dir out | SP works as a selector on outgoing packets to select which are to be encrypted+encapsulated and which not |
| input policy | dir in | SP works as a selector on incoming packets which already have been decrypted+decapsulated and have a destination IP local on the system |
| forward policy | dir fwd | SP works as a selector on incoming packets which already have been decrypted+decapsulated and have a destination IP which is not local, that is, packets which are to be forwarded (routed) |

So:

vrf

Virtual Routing and Forwarding (VRF) impacts only Layer 3.

Setup

A VRF device is created with an association to a FIB table.

    ip link add vrf-blue type vrf table 10
    ip link set dev vrf-blue up

Set the default route for the table (and hence the default route for the VRF):

    ip route add table 10 unreachable default metric 4278198272

Enslave L3 interfaces to a VRF device:

    ip link set dev veth1 master vrf-blue

Add additional VRF routes:

    ip route add table 10 .

bpf skeleton

This blog’s content is copied from: BPF skeleton and BPF app lifecycle and libbpf-bootstrap

bpf skeleton theory

Here are the main libbpf concepts and phases that each BPF application goes through. A BPF application consists of a set of BPF programs, either cooperating or completely independent, and BPF maps and global variables, shared between all BPF programs (allowing them to cooperate on a common set of data). BPF maps and global variables are also accessible from user-space.

Makefile

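Some tips

Reference: https://blog.csdn.net/dlf1769/article/details/78997967

    $@ is the target file
    $^ is all of the dependency files
    $< is the first dependency file
    $? is the list of dependency files that are newer than the target
    $% only when the target is in a library file,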

Linux bridge features introduction

A Linux bridge behaves like a network switch. It forwards packets between interfaces that are connected to it. The Linux bridge has had basic STP, multicast, and netfilter support since the 2.4 and 2.6 kernel series, and more features were added after that, e.g. config via netlink, VLAN filter, VxLAN tunnel mapping, IGMPv3/MLDv2, switchdev, netfilter, and others. We will introduce all of these features in this article. At the end I will also show the limits of the bridge and when OVS should be used.