diff mbox series

[NOMERGE,iptables,2/2] man: xt_set: Describe --update-counters-first flag

Message ID 20200322022054.3447876-3-sbrivio@redhat.com
State RFC
Delegated to: Jozsef Kadlecsik
Headers show
Series man: xt_set: Describe existing behaviour and new counters update flag | expand

Commit Message

Stefano Brivio March 22, 2020, 2:20 a.m. UTC 
If this flag is set, counters are updated when elements (not
necessarily rules) match, and before rule match is evaluated
as a whole.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 extensions/libxt_set.man | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/extensions/libxt_set.man b/extensions/libxt_set.man
index 451400dc..fb5411be 100644
--- a/extensions/libxt_set.man
+++ b/extensions/libxt_set.man
@@ -27,9 +27,17 @@  byte counters of the matching element in the set won't be updated. By
 default, packet and byte counters are updated if the \fIrule\fP
 matches.
 .IP
-Note that a rule might not match (hence, counters won't be updated)
-even if a set element matches, depending on further options described
-below.
+Note that a rule might not match even if a set element matches,
+depending on further options described below, hence counters won't be
+updated unless the \fB\-\-update\-counters-first\fP option is given.
+.TP
+\fB\-\-update\-counters-first\fP
+Update counters before evaluating options that might affect rule
+matching: counters are updated whenever a set element matches, and
+counter comparison options described below are evaluated against the
+resulting counter values.
+.IP
+This is mutually exclusive with \fB!\fP \fB\-\-update\-counters\fP.
 .TP
 \fB!\fP \fB\-\-update\-subcounters\fP
 If the \fB\-\-update\-subcounters\fP flag is negated, then the packet and