From c0db25d055e095a099d8a23fd2c2023e4af761c4 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Mon, 24 Apr 2023 16:42:34 -0300 Subject: [PATCH] userguide: update exception policy behaviors table Some exception policies can only be applied to the triggering packet or only make sense considering the whole flow. Highlight such cases in the table showing each exception policy. Related to Bug #5825 --- .../configuration/exception-policies.rst | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/doc/userguide/configuration/exception-policies.rst b/doc/userguide/configuration/exception-policies.rst index 77095912dc..10af446e58 100644 --- a/doc/userguide/configuration/exception-policies.rst +++ b/doc/userguide/configuration/exception-policies.rst 
@@ -67,28 +67,26 @@ Exception policies are implemented for: - Expected behavior * - stream.memcap - memcap-policy - - If a stream memcap limit is reached, call the memcap policy on the packet - and flow. + - If a stream memcap limit is reached, apply the memcap policy to the packet and/or + flow. * - stream.midstream - midstream-policy - - If a session is picked up midstream, call the memcap policy on the packet - and flow. + - If a session is picked up midstream, apply the midstream policy to the flow. * - stream.reassembly.memcap - memcap-policy - - If stream reassembly reaches memcap limit, call the memcap policy on the - packet and flow. + - If stream reassembly reaches memcap limit, apply memcap policy to the + packet and/or flow. * - flow.memcap - memcap-policy - Apply policy when the memcap limit for flows is reached and no flow could - be freed up. Apply policy to the packet. + be freed up. **Policy can only be applied to the packet.** * - defrag.memcap - memcap-policy - Apply policy when the memcap limit for defrag is reached and no tracker - could be picked up. Apply policy to the packet. + could be picked up. **Policy can only be applied to the packet.** * - app-layer - error-policy - - Apply policy if a parser reaches an error state. Apply policy to the - packet and flow. + - Apply policy if a parser reaches an error state. Policy can be applied to packet and/or flow. To change any of these, go to the specific section in the suricata.yaml file (for more configuration details, check the :doc:`suricata.yaml's`
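Review bot: In the stream.midstream row the flow-only restriction is left in plain text ("apply the midstream policy to the flow"), while the packet-only restriction in the flow.memcap and defrag.memcap rows is set in bold ("**Policy can only be applied to the packet.**"). The commit message says such cases should be highlighted, so consider giving the midstream row the same bold treatment so that a reader scanning the table sees all three restricted cases. The "and/or" wording in the stream.memcap, stream.reassembly.memcap and app-layer rows also leaves open what decides whether the policy lands on the packet, the flow, or both; a sentence below the table stating that would help. Two style nits: the stream.reassembly.memcap row reads "apply memcap policy" where the stream.memcap row has "apply the memcap policy", and the app-layer row is added as one long unwrapped line that reads "to packet and/or flow" without the article.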