author | Jeremy Sowden <jeremy@azazel.net> | 2019-11-30 11:30:57 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-12-02 19:25:22 +0100 |
commit | dacab91e35d65384ab5c502accf3af7dff06f3d6 | |
tree | aa2104aa36ec562125d9b2840326996bfe0c088d /doc/statements.txt | |
parent | 8a9f48515fb8f9aed0af04e05f4528aa0e32116f | |

doc: fix inconsistency in set statement documentation.

The description of the set statement asserts that the set must have been
created with the "dynamic" flag. However, this is not the case, and it
is contradicted by the following example in which the "dynamic" flag
does not appear.

In fact, one or both of the "dynamic" or the "timeout" flags need to be
used, depending on what the set statement contains. Amend the
description to explain this more accurately.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'doc/statements.txt')
-rw-r--r-- | doc/statements.txt | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/doc/statements.txt b/doc/statements.txt index 07bf09c5..3b824367 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -669,10 +669,15 @@ SET STATEMENT ~~~~~~~~~~~~~ The set statement is used to dynamically add or update elements in a set from the packet path. The set setname must already exist in the given table and must -have been created with the dynamic flag. Furthermore, these sets must specify -both a maximum set size (to prevent memory exhaustion) and a timeout (so that -number of entries in set will not grow indefinitely). The set statement can be -used to e.g. create dynamic blacklists. +have been created with one or both of the dynamic and the timeout flags. The +dynamic flag is required if the set statement expression includes a stateful +object. The timeout flag is implied if the set is created with a timeout, and is +required if the set statement updates elements, rather than adding them. +Furthermore, these sets should specify both a maximum set size (to prevent +memory exhaustion), and their elements should have a timeout (so their number +will not grow indefinitely) either from the set definition or from the statement +that adds or updates them. The set statement can be used to e.g. create dynamic +blacklists. [verse] {*add* | *update*} *@*'setname' *{* 'expression' [*timeout* 'timeout'] [*comment* 'string'] *}* |
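
Review bot: In the added sentence "Furthermore, these sets should specify both a maximum set size (to prevent memory exhaustion), and their elements should have a timeout", the word "both" is left over from the removed wording and no longer has a second object, so the sentence does not parse cleanly. Dropping "both" and the comma before "and" would fix it. The same sentence also changes "must specify" to "should specify", which turns the size bound and the timeout from requirements into recommendations. Since the text still names memory exhaustion and unbounded growth as the reasons, it would help to say explicitly that a set filled from the packet path without a size or an element timeout is accepted but can grow without limit, so a reader does not take "should" to mean the bound is optional in practice.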