On Wednesday, June 7th, 2023 at 08:10, Lars Noodén <lars.nooden@xxxxxxx> wrote:

> 1) Is there a way to reset the timeout counter so that the set can be
> told to extend the lifetime of a particular element? If so would
> attempting to re-add the same element to the named set do that?

Yes, but only in-band, so any 'nft add ...' is a no-op for already existing elements (I had some questions on this maybe a year ago).

Assuming you've already created a set, say 'doh_ipv4', with 'flags dynamic,timeout', then

    nft add rule inet filter input 'udp dport 1234 update @doh_ipv4 { ip daddr } drop'

will update the expiration time to your timeout value when you send a udp packet to port 1234.

The equivalent command does not exist, so it's fairly painful to maintain out-of-band lists and update their sets accordingly.

    nft update element ...

An 'nft add element' simply ensures that the set contains the item of interest, but does not alter/update its expiration time.
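
The in-band refresh described in the reply above, written out as a complete ruleset file. This is an added example, not part of the original message: the set name, flags and rule come from the message, while the table and chain layout and the 1h timeout value are assumptions.

```nft
# Load with: nft -f <this file>
# Inspect with: nft list set inet filter doh_ipv4
# (each element is listed with its remaining lifetime as "expires ...")

table inet filter {
    # Named set whose elements age out. "dynamic" allows rules in the
    # packet path to add/update elements; "timeout" enables per-element
    # expiry. The 1h default below is an assumed value.
    set doh_ipv4 {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1h
    }

    chain input {
        # Assumed base chain definition; adapt to the existing ruleset.
        type filter hook input priority 0; policy accept;

        # Rule from the message: a UDP packet to port 1234 inserts its
        # destination address into the set, or, if the address is already
        # present, resets its expiry back to the set's timeout. The packet
        # is then dropped.
        udp dport 1234 update @doh_ipv4 { ip daddr } drop
    }
}
```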