summaryrefslogtreecommitdiffstats
path: root/doc/statements.txt
diff options
context:
space:
mode:
authorJeremy Sowden <jeremy@azazel.net>2019-11-30 11:30:57 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2019-12-02 19:25:22 +0100
commitdacab91e35d65384ab5c502accf3af7dff06f3d6 (patch)
treeaa2104aa36ec562125d9b2840326996bfe0c088d /doc/statements.txt
parent8a9f48515fb8f9aed0af04e05f4528aa0e32116f (diff)
doc: fix inconsistency in set statement documentation.
The description of the set statement asserts that the set must have been created with the "dynamic" flag. However, this is not the case, and it is contradicted by the following example in which the "dynamic" flag does not appear. In fact, one or both of the "dynamic" or the "timeout" flags need to be used, depending on what the set statement contains. Amend the description to explain this more accurately. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/statements.txt')
-rw-r--r--doc/statements.txt13
1 files changed, 9 insertions, 4 deletions
diff --git a/doc/statements.txt b/doc/statements.txt
index 07bf09c5..3b824367 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -669,10 +669,15 @@ SET STATEMENT
~~~~~~~~~~~~~
The set statement is used to dynamically add or update elements in a set from
the packet path. The set setname must already exist in the given table and must
-have been created with the dynamic flag. Furthermore, these sets must specify
-both a maximum set size (to prevent memory exhaustion) and a timeout (so that
-number of entries in set will not grow indefinitely). The set statement can be
-used to e.g. create dynamic blacklists.
+have been created with one or both of the dynamic and the timeout flags. The
+dynamic flag is required if the set statement expression includes a stateful
+object. The timeout flag is implied if the set is created with a timeout, and is
+required if the set statement updates elements, rather than adding them.
+Furthermore, these sets should specify both a maximum set size (to prevent
+memory exhaustion), and their elements should have a timeout (so their number
+will not grow indefinitely) either from the set definition or from the statement
+that adds or updates them. The set statement can be used to e.g. create dynamic
+blacklists.
[verse]
{*add* | *update*} *@*'setname' *{* 'expression' [*timeout* 'timeout'] [*comment* 'string'] *}*