From dacab91e35d65384ab5c502accf3af7dff06f3d6 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Sat, 30 Nov 2019 11:30:57 +0000 Subject: doc: fix inconsistency in set statement documentation. The description of the set statement asserts that the set must have been created with the "dynamic" flag. However, this is not the case, and it is contradicted by the following example in which the "dynamic" flag does not appear. In fact, one or both of the "dynamic" or the "timeout" flags need to be used, depending on what the set statement contains. Amend the description to explain this more accurately. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- doc/statements.txt | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/statements.txt b/doc/statements.txt index 07bf09c5..3b824367 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -669,10 +669,15 @@ SET STATEMENT ~~~~~~~~~~~~~ The set statement is used to dynamically add or update elements in a set from the packet path. The set setname must already exist in the given table and must -have been created with the dynamic flag. Furthermore, these sets must specify -both a maximum set size (to prevent memory exhaustion) and a timeout (so that -number of entries in set will not grow indefinitely). The set statement can be -used to e.g. create dynamic blacklists. +have been created with one or both of the dynamic and the timeout flags. The +dynamic flag is required if the set statement expression includes a stateful +object. The timeout flag is implied if the set is created with a timeout, and is +required if the set statement updates elements, rather than adding them. +Furthermore, these sets should specify both a maximum set size (to prevent +memory exhaustion), and their elements should have a timeout (so their number +will not grow indefinitely) either from the set definition or from the statement +that adds or updates them. The set statement can be used to e.g. create dynamic +blacklists. [verse] {*add* | *update*} *@*'setname' *{* 'expression' [*timeout* 'timeout'] [*comment* 'string'] *}* -- cgit v1.2.3