On Thu, Aug 1, 2019 at 4:22 PM Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx> wrote: > How come we would need an upstream kernel patch? > I meant that the expiration configuration is a quite new feature [0] that requires a recent kernel. > It seems like this can be done in the packet path, but I want to do it > outside of the packet path. Ref: > https://wiki.nftables.org/wiki-nftables/index.php/Updating_sets_from_the_packet_path > No, the expiration time can be modified outside the packet path as well. > I essentially want to update the timeout of a set element from the > userspace `nft` command. > If the expiration approach is not valid for you, then currently the only option is deleting the element and add it with the new timeout value. [0] https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=79ebb5bb4e38a58ca796dd242b855a4982e101d7
