MariaDB and MaxScale appear to handle resolving/attributing source IP/hostnames differently. This can be fine as this can enable MaxScale to offer more fine-grained control than MariaDB. However, we need to verify this is operating as intended. Secondarily, there may be an issue with MaxScale's dbfwfilter when using wildcards for IPv6 addresses.
Setup is MariaDB and MaxScale on the same server. MariaDB is running on port 3360 and MaxScale on port 3370. MariaDB has two users configured-
Here are sample tcpdumps from remote connections to each-
Note both connections use proto TCP (6).
In spite of this, MariaDB accepts the connection and its authentication. Meanwhile, MaxScale sees this-
This necessitates handling IPv6 separately, at least for dbfwfilter. This would be fine, except for MaxScale failing to recognize IPv6 addresses when wildcards are involved. Here is the rule which worked-
Here are examples of rules with wildcards which did not work-
- Should MariaDB and MaxScale see and resolve incoming source addresses the same way?
- Does dbfwfilter intend to filter based on observed source address or based on resolved source address (context- current rule formatting is identical to MariaDB user authentication, suggesting dbfwfilter will map connection attempts to user@host combinations exactly as MariaDB does- is this intended? Or is it intended dbfwfilter uses regex to match the specific IP/hostname a connection presents?)
- Why are wildcards and IPv6 not working? Is this a known deficiency, a bug, or a configuration issue (ex- should % be placed or arranged differently)?