You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2020/01/14 21:45:30 UTC
[trafficserver] branch 9.0.x updated (98f41e9 -> 6ef37a3)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.
from 98f41e9 Don't sleep if ProtectedQueue.localQueue is not empty. (#6234)
new 0fade44 Copy the Client SNI Server Name out of the openssl SSL object and ensure it is null-terminated.
new 269a308 Fix dynamic update for conntrack (HttpConnectionCount) configuration variables.
new 6ef37a3 Promote 'Enable_Config_Var' from HttpConnectionCount to HttpConfig. This is so other configuration can use it.
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
iocore/net/P_SSLNetVConnection.h | 19 +++++++++---
iocore/net/SSLNetVConnection.cc | 14 +++++++++
iocore/net/SSLUtils.cc | 15 ++++-----
proxy/http/HttpConfig.cc | 36 +++++++++++++++++++++-
proxy/http/HttpConfig.h | 25 +++++++++++++++
proxy/http/HttpConnectionCount.cc | 65 +++++++++++++++++----------------------
proxy/http/HttpSM.cc | 4 +--
7 files changed, 126 insertions(+), 52 deletions(-)
[trafficserver] 01/03: Copy the Client SNI Server Name out of the
openssl SSL object and ensure it is null-terminated.
Posted by zw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 0fade4485a139abff4346b40c40db30bdb314ef6
Author: Walter Karas <wk...@verizonmedia.com>
AuthorDate: Wed Dec 4 18:32:45 2019 -0600
Copy the Client SNI Server Name out of the openssl SSL object and ensure it is null-terminated.
(cherry picked from commit 770f9d4f5a6825465f2ae5a681c5f3896479f635)
---
iocore/net/P_SSLNetVConnection.h | 19 ++++++++++++++-----
iocore/net/SSLNetVConnection.cc | 14 ++++++++++++++
iocore/net/SSLUtils.cc | 15 ++++++++-------
proxy/http/HttpSM.cc | 4 ++--
4 files changed, 38 insertions(+), 14 deletions(-)
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 609d6f1..60ce374 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -31,6 +31,8 @@
****************************************************************************/
#pragma once
+#include <memory>
+
#include "tscore/ink_platform.h"
#include "ts/apidefs.h"
#include <string_view>
@@ -393,11 +395,16 @@ public:
ink_hrtime sslHandshakeEndTime = 0;
ink_hrtime sslLastWriteTime = 0;
int64_t sslTotalBytesSent = 0;
- // The serverName is either a pointer to the name fetched from the
- // SSL object or the empty string. Therefore, we do not allocate
- // extra memory for this value. If plugins in the future can set the
- // serverName value, this strategy will have to change.
- const char *serverName = nullptr;
+
+ // The serverName is either a pointer to the (null-terminated) name fetched from the
+ // SSL object or the empty string.
+ const char *
+ get_server_name() const
+ {
+ return _serverName.get() ? _serverName.get() : "";
+ }
+
+ void set_server_name(std::string_view name);
/// Set by asynchronous hooks to request a specific operation.
SslVConnOp hookOpRequested = SSL_HOOK_OP_DEFAULT;
@@ -472,6 +479,8 @@ private:
in_port_t tunnel_port = 0;
bool tunnel_decrypt = false;
X509_STORE_CTX *verify_cert = nullptr;
+
+ std::unique_ptr<char[]> _serverName;
};
typedef int (SSLNetVConnection::*SSLNetVConnHandler)(int, void *);
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index fa59bb4..02618d4 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -45,6 +45,7 @@
#include <climits>
#include <string>
+#include <cstring>
using namespace std::literals;
@@ -922,6 +923,8 @@ SSLNetVConnection::do_io_close(int lerrno)
void
SSLNetVConnection::clear()
{
+ _serverName.reset();
+
if (ssl != nullptr) {
SSL_free(ssl);
ssl = nullptr;
@@ -1921,3 +1924,14 @@ SSLNetVConnection::protocol_contains(std::string_view prefix) const
}
return retval;
}
+
+void
+SSLNetVConnection::set_server_name(std::string_view name)
+{
+ if (name.size()) {
+ char *n = new char[name.size() + 1];
+ std::memcpy(n, name.data(), name.size());
+ n[name.size()] = '\0';
+ _serverName.reset(n);
+ }
+}
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index eb28242..8255221 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -416,15 +416,16 @@ ssl_client_hello_callback(SSL *s, int *al, void *arg)
len = *(p++) << 8;
len += *(p++);
if (len + 2 <= remaining) {
- remaining = len;
servername = reinterpret_cast<const char *>(p);
}
}
}
}
}
- netvc->serverName = servername ? servername : "";
- int ret = PerformAction(netvc, netvc->serverName);
+ if (servername) {
+ netvc->set_server_name(std::string_view(servername, len));
+ }
+ int ret = PerformAction(netvc, netvc->get_server_name());
if (ret != SSL_TLSEXT_ERR_OK) {
return SSL_CLIENT_HELLO_ERROR;
}
@@ -490,14 +491,14 @@ ssl_servername_callback(SSL *ssl, int * /* ad */, void * /*arg*/)
SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
netvc->callHooks(TS_EVENT_SSL_SERVERNAME);
- netvc->serverName = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
- if (nullptr == netvc->serverName) {
- netvc->serverName = "";
+ const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (name) {
+ netvc->set_server_name(name);
}
#if !TS_USE_HELLO_CB
// Only call the SNI actions here if not already performed in the HELLO_CB
- int ret = PerformAction(netvc, netvc->serverName);
+ int ret = PerformAction(netvc, netvc->get_server_name());
if (ret != SSL_TLSEXT_ERR_OK) {
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 540b94c..c4e850b 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -581,7 +581,7 @@ HttpSM::setup_blind_tunnel_port()
t_state.hdr_info.client_request.url_get()->port_set(t_state.state_machine->ua_txn->get_netvc()->get_local_port());
}
} else {
- t_state.hdr_info.client_request.url_get()->host_set(ssl_vc->serverName, strlen(ssl_vc->serverName));
+ t_state.hdr_info.client_request.url_get()->host_set(ssl_vc->get_server_name(), strlen(ssl_vc->get_server_name()));
t_state.hdr_info.client_request.url_get()->port_set(t_state.state_machine->ua_txn->get_netvc()->get_local_port());
}
}
@@ -1411,7 +1411,7 @@ plugins required to work with sni_routing.
t_state.hdr_info.client_request.url_get()->port_set(t_state.state_machine->ua_txn->get_netvc()->get_local_port());
}
} else if (ssl_vc) {
- t_state.hdr_info.client_request.url_get()->host_set(ssl_vc->serverName, strlen(ssl_vc->serverName));
+ t_state.hdr_info.client_request.url_get()->host_set(ssl_vc->get_server_name(), strlen(ssl_vc->get_server_name()));
t_state.hdr_info.client_request.url_get()->port_set(t_state.state_machine->ua_txn->get_netvc()->get_local_port());
}
}
[trafficserver] 03/03: Promote 'Enable_Config_Var' from
HttpConnectionCount to HttpConfig. This is so other configuration can use
it.
Posted by zw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 6ef37a31bb8c5c6e99d1f1ccf57d1c1133db298d
Author: Alan M. Carroll <am...@apache.org>
AuthorDate: Thu Oct 17 09:47:31 2019 -0500
Promote 'Enable_Config_Var' from HttpConnectionCount to HttpConfig.
This is so other configuration can use it.
(cherry picked from commit 9550c6512840dcff80ea0ab2c57574390bf8c849)
---
proxy/http/HttpConfig.cc | 34 +++++++++++++++++++++++++++++
proxy/http/HttpConfig.h | 25 ++++++++++++++++++++++
proxy/http/HttpConnectionCount.cc | 45 +--------------------------------------
3 files changed, 60 insertions(+), 44 deletions(-)
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index e9bab7d..9a9bab8 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -150,6 +150,40 @@ http_config_cb(const char * /* name ATS_UNUSED */, RecDataT /* data_type ATS_UNU
return 0;
}
+void
+Enable_Config_Var(std::string_view const &name, bool (*cb)(const char *, RecDataT, RecData, void *), void *cookie)
+{
+ // Must use this indirection because the API requires a pure function, therefore no values can
+ // be bound in the lambda. Instead this is needed to pass in the data for both the lambda and
+ // the actual callback.
+ using Context = std::tuple<decltype(cb), void *>;
+
+ // To deal with process termination cleanup, store the context instances in a deque where
+ // tail insertion doesn't invalidate pointers. These persist until process shutdown.
+ static std::deque<Context> storage;
+
+ Context &ctx = storage.emplace_back(cb, cookie);
+ // Register the call back - this handles external updates.
+ RecRegisterConfigUpdateCb(name.data(),
+ [](const char *name, RecDataT dtype, RecData data, void *ctx) -> int {
+ auto &&[cb, cookie] = *static_cast<Context *>(ctx);
+ if ((*cb)(name, dtype, data, cookie)) {
+ http_config_cb(name, dtype, data, cookie); // signal runtime config update.
+ }
+ return REC_ERR_OKAY;
+ },
+ &ctx);
+
+ // Use the record to do the initial data load.
+ // Look it up and call the updater @a cb on that data.
+ RecLookupRecord(name.data(),
+ [](RecRecord const *r, void *ctx) -> void {
+ auto &&[cb, cookie] = *static_cast<Context *>(ctx);
+ (*cb)(r->name, r->data_type, r->data, cookie);
+ },
+ &ctx);
+}
+
// [amc] Not sure which is uglier, this switch or having a micro-function for each var.
// Oh, how I long for when we can use C++eleventy lambdas without compiler problems!
// I think for 5.0 when the BC stuff is yanked, we should probably revert this to independent callbacks.
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index c3cb7b0..11a815c 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -860,3 +860,28 @@ inline HttpConfigParams::~HttpConfigParams()
delete connect_ports;
delete redirect_actions_map;
}
+
+/** Enable a dynamic configuration variable.
+ *
+ * @param name Configuration var name.
+ * @param cb Callback to do the actual update of the master record.
+ * @param cookie Extra data for @a cb
+ *
+ * The purpose of this is to unite the different ways and times a configuration variable needs
+ * to be loaded. These are
+ * - Process start.
+ * - Dynamic update.
+ * - Plugin API update.
+ *
+ * @a cb is expected to perform the update. It must return a @c bool which is
+ * - @c true if the value was changed.
+ * - @c false if the value was not changed.
+ *
+ * Based on that, a run time configuration update is triggered or not.
+ *
+ * In addition, this invokes @a cb and passes it the information in the configuration variable
+ * global table in order to perform the initial loading of the value. No update is triggered for
+ * that call as it is not needed.
+ *
+ */
+extern void Enable_Config_Var(std::string_view const &name, bool (*cb)(const char *, RecDataT, RecData, void *), void *cookie);
diff --git a/proxy/http/HttpConnectionCount.cc b/proxy/http/HttpConnectionCount.cc
index 97a47d5..50b8e0b 100644
--- a/proxy/http/HttpConnectionCount.cc
+++ b/proxy/http/HttpConnectionCount.cc
@@ -24,6 +24,7 @@
#include <algorithm>
#include <deque>
#include <records/P_RecDefs.h>
+#include <HttpConfig.h>
#include "HttpConnectionCount.h"
#include "tscore/bwf_std_format.h"
#include "tscore/BufferWriter.h"
@@ -159,50 +160,6 @@ Config_Update_Conntrack_Alert_Delay(const char *name, RecDataT dtype, RecData da
return false;
}
-/** Function to do enable configuration variables.
- *
- * @param name Configuration var name.
- * @param cb Callback to do the actual update of the master record.
- * @param cookie Extra data for @a cb
- *
- * This sets up a librecords callback that invokes @a cb and checks the return value. That should
- * be @c true if the master record was updated, @c false if not. Based on that, the run time copy
- * update is triggered or not. This then invokes the callback directly, to do the initial load
- * of the configuration variable in to the master record.
- */
-void
-Enable_Config_Var(ts::TextView const &name, bool (*cb)(const char *, RecDataT, RecData, void *), void *cookie)
-{
- // Must use this indirection because the API requires a pure function, therefore no values can
- // be bound in the lambda. Instead this is needed to pass in the data for both the lambda and
- // the actual callback.
- using Context = std::tuple<decltype(cb), void *>;
-
- // To deal with process termination cleanup, store the context instances in a deque where
- // tail insertion doesn't invalidate pointers.
- static std::deque<Context> storage;
-
- Context &ctx = storage.emplace_back(cb, cookie);
- // Register the call back.
- RecRegisterConfigUpdateCb(name.data(),
- [](const char *name, RecDataT dtype, RecData data, void *ctx) -> int {
- auto &&[cb, cookie] = *static_cast<Context *>(ctx);
- if ((*cb)(name, dtype, data, cookie)) {
- http_config_cb(name, dtype, data, cookie); // signal runtime config update.
- }
- return REC_ERR_OKAY;
- },
- &ctx);
-
- // Use the record to do the initial data load.
- RecLookupRecord(name.data(),
- [](RecRecord const *r, void *ctx) -> void {
- auto &&[cb, cookie] = *static_cast<Context *>(ctx);
- (*cb)(r->name, r->data_type, r->data, cookie);
- },
- &ctx);
-}
-
} // namespace
void
[trafficserver] 02/03: Fix dynamic update for conntrack
(HttpConnectionCount) configuration variables.
Posted by zw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 269a30882a79dd1db954bf3fd489bdbc07495f0d
Author: Alan M. Carroll <am...@apache.org>
AuthorDate: Fri Sep 6 17:07:17 2019 -0500
Fix dynamic update for conntrack (HttpConnectionCount) configuration variables.
(cherry picked from commit 03aee4ce6faa2ce142b83216186151010fd13a23)
---
proxy/http/HttpConfig.cc | 2 +-
proxy/http/HttpConnectionCount.cc | 100 +++++++++++++++++++++++++-------------
2 files changed, 68 insertions(+), 34 deletions(-)
diff --git a/proxy/http/HttpConfig.cc b/proxy/http/HttpConfig.cc
index 88c0f7c..e9bab7d 100644
--- a/proxy/http/HttpConfig.cc
+++ b/proxy/http/HttpConfig.cc
@@ -138,7 +138,7 @@ HttpConfigCont::handle_event(int /* event ATS_UNUSED */, void * /* edata ATS_UNU
return 0;
}
-static int
+int
http_config_cb(const char * /* name ATS_UNUSED */, RecDataT /* data_type ATS_UNUSED */, RecData /* data ATS_UNUSED */,
void * /* cookie ATS_UNUSED */)
{
diff --git a/proxy/http/HttpConnectionCount.cc b/proxy/http/HttpConnectionCount.cc
index fde59d0..97a47d5 100644
--- a/proxy/http/HttpConnectionCount.cc
+++ b/proxy/http/HttpConnectionCount.cc
@@ -22,6 +22,7 @@
*/
#include <algorithm>
+#include <deque>
#include <records/P_RecDefs.h>
#include "HttpConnectionCount.h"
#include "tscore/bwf_std_format.h"
@@ -29,6 +30,8 @@
using namespace std::literals;
+extern int http_config_cb(const char *, RecDataT, RecData, void *);
+
OutboundConnTrack::Imp OutboundConnTrack::_imp;
OutboundConnTrack::GlobalConfig *OutboundConnTrack::_global_config{nullptr};
@@ -76,51 +79,55 @@ static_assert(OutboundConnTrack::Group::Clock::period::den >= 1000);
// Configuration callback functions.
namespace
{
-int
+bool
Config_Update_Conntrack_Min(const char *name, RecDataT dtype, RecData data, void *cookie)
{
auto config = static_cast<OutboundConnTrack::TxnConfig *>(cookie);
if (RECD_INT == dtype) {
config->min = data.rec_int;
+ return true;
}
- return REC_ERR_OKAY;
+ return false;
}
-int
+bool
Config_Update_Conntrack_Max(const char *name, RecDataT dtype, RecData data, void *cookie)
{
auto config = static_cast<OutboundConnTrack::TxnConfig *>(cookie);
if (RECD_INT == dtype) {
config->max = data.rec_int;
+ return true;
}
- return REC_ERR_OKAY;
+ return false;
}
-int
+bool
Config_Update_Conntrack_Queue_Size(const char *name, RecDataT dtype, RecData data, void *cookie)
{
auto config = static_cast<OutboundConnTrack::GlobalConfig *>(cookie);
if (RECD_INT == dtype) {
config->queue_size = data.rec_int;
+ return true;
}
- return REC_ERR_OKAY;
+ return false;
}
-int
+bool
Config_Update_Conntrack_Queue_Delay(const char *name, RecDataT dtype, RecData data, void *cookie)
{
auto config = static_cast<OutboundConnTrack::GlobalConfig *>(cookie);
if (RECD_INT == dtype && data.rec_int > 0) {
config->queue_delay = std::chrono::milliseconds(data.rec_int);
+ return true;
}
- return REC_ERR_OKAY;
+ return false;
}
-int
+bool
Config_Update_Conntrack_Match(const char *name, RecDataT dtype, RecData data, void *cookie)
{
auto config = static_cast<OutboundConnTrack::TxnConfig *>(cookie);
@@ -130,35 +137,70 @@ Config_Update_Conntrack_Match(const char *name, RecDataT dtype, RecData data, vo
std::string_view tag{data.rec_string};
if (OutboundConnTrack::lookup_match_type(tag, match_type)) {
config->match = match_type;
+ return true;
} else {
OutboundConnTrack::Warning_Bad_Match_Type(tag);
}
} else {
Warning("Invalid type for '%s' - must be 'INT'", OutboundConnTrack::CONFIG_VAR_MATCH.data());
}
- return REC_ERR_OKAY;
+ return false;
}
-int
+bool
Config_Update_Conntrack_Alert_Delay(const char *name, RecDataT dtype, RecData data, void *cookie)
{
auto config = static_cast<OutboundConnTrack::GlobalConfig *>(cookie);
if (RECD_INT == dtype && data.rec_int >= 0) {
config->alert_delay = std::chrono::seconds(data.rec_int);
+ return true;
}
- return REC_ERR_OKAY;
+ return false;
}
-// Do the initial load of a configuration var by grabbing the raw value from the records data
-// and calling the update callback. This must be a function because that's how the records
-// interface works. Everything needed is already in the record @a r.
+/** Function to do enable configuration variables.
+ *
+ * @param name Configuration var name.
+ * @param cb Callback to do the actual update of the master record.
+ * @param cookie Extra data for @a cb
+ *
+ * This sets up a librecords callback that invokes @a cb and checks the return value. That should
+ * be @c true if the master record was updated, @c false if not. Based on that, the run time copy
+ * update is triggered or not. This then invokes the callback directly, to do the initial load
+ * of the configuration variable in to the master record.
+ */
void
-Load_Config_Var(RecRecord const *r, void *)
+Enable_Config_Var(ts::TextView const &name, bool (*cb)(const char *, RecDataT, RecData, void *), void *cookie)
{
- for (auto cb = r->config_meta.update_cb_list; nullptr != cb; cb = cb->next) {
- cb->update_cb(r->name, r->data_type, r->data, cb->update_cookie);
- }
+ // Must use this indirection because the API requires a pure function, therefore no values can
+ // be bound in the lambda. Instead this is needed to pass in the data for both the lambda and
+ // the actual callback.
+ using Context = std::tuple<decltype(cb), void *>;
+
+ // To deal with process termination cleanup, store the context instances in a deque where
+ // tail insertion doesn't invalidate pointers.
+ static std::deque<Context> storage;
+
+ Context &ctx = storage.emplace_back(cb, cookie);
+ // Register the call back.
+ RecRegisterConfigUpdateCb(name.data(),
+ [](const char *name, RecDataT dtype, RecData data, void *ctx) -> int {
+ auto &&[cb, cookie] = *static_cast<Context *>(ctx);
+ if ((*cb)(name, dtype, data, cookie)) {
+ http_config_cb(name, dtype, data, cookie); // signal runtime config update.
+ }
+ return REC_ERR_OKAY;
+ },
+ &ctx);
+
+ // Use the record to do the initial data load.
+ RecLookupRecord(name.data(),
+ [](RecRecord const *r, void *ctx) -> void {
+ auto &&[cb, cookie] = *static_cast<Context *>(ctx);
+ (*cb)(r->name, r->data_type, r->data, cookie);
+ },
+ &ctx);
}
} // namespace
@@ -169,20 +211,12 @@ OutboundConnTrack::config_init(GlobalConfig *global, TxnConfig *txn)
_global_config = global; // remember this for later retrieval.
// Per transaction lookup must be done at call time because it changes.
- RecRegisterConfigUpdateCb(CONFIG_VAR_MIN.data(), &Config_Update_Conntrack_Min, txn);
- RecRegisterConfigUpdateCb(CONFIG_VAR_MAX.data(), &Config_Update_Conntrack_Max, txn);
- RecRegisterConfigUpdateCb(CONFIG_VAR_MATCH.data(), &Config_Update_Conntrack_Match, txn);
- RecRegisterConfigUpdateCb(CONFIG_VAR_QUEUE_SIZE.data(), &Config_Update_Conntrack_Queue_Size, global);
- RecRegisterConfigUpdateCb(CONFIG_VAR_QUEUE_DELAY.data(), &Config_Update_Conntrack_Queue_Delay, global);
- RecRegisterConfigUpdateCb(CONFIG_VAR_ALERT_DELAY.data(), &Config_Update_Conntrack_Alert_Delay, global);
-
- // Load 'em up by firing off the config update callback.
- RecLookupRecord(CONFIG_VAR_MIN.data(), &Load_Config_Var, nullptr, true);
- RecLookupRecord(CONFIG_VAR_MAX.data(), &Load_Config_Var, nullptr, true);
- RecLookupRecord(CONFIG_VAR_MATCH.data(), &Load_Config_Var, nullptr, true);
- RecLookupRecord(CONFIG_VAR_QUEUE_SIZE.data(), &Load_Config_Var, nullptr, true);
- RecLookupRecord(CONFIG_VAR_QUEUE_DELAY.data(), &Load_Config_Var, nullptr, true);
- RecLookupRecord(CONFIG_VAR_ALERT_DELAY.data(), &Load_Config_Var, nullptr, true);
+ Enable_Config_Var(CONFIG_VAR_MIN, &Config_Update_Conntrack_Min, txn);
+ Enable_Config_Var(CONFIG_VAR_MAX, &Config_Update_Conntrack_Max, txn);
+ Enable_Config_Var(CONFIG_VAR_MATCH, &Config_Update_Conntrack_Match, txn);
+ Enable_Config_Var(CONFIG_VAR_QUEUE_SIZE, &Config_Update_Conntrack_Queue_Size, global);
+ Enable_Config_Var(CONFIG_VAR_QUEUE_DELAY, &Config_Update_Conntrack_Queue_Delay, global);
+ Enable_Config_Var(CONFIG_VAR_ALERT_DELAY, &Config_Update_Conntrack_Alert_Delay, global);
}
OutboundConnTrack::TxnState