[CONJ-888] Fails SSH Tunneling Created: 2021-06-10  Updated: 2021-06-23  Resolved: 2021-06-23

Status: Closed
Project: MariaDB Connector/J
Component/s: protocol
Affects Version/s: 2.7.3
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Björn Raupach Assignee: Diego Dupin
Resolution: Not a Bug Votes: 0
Labels: None
Environment:

Amazon Aurora MySQL-compatible
OpenSSH_8.1p1, LibreSSL 2.7.3


 Description   

Steps to reproduce:

1) Open a ssh tunnel through a jump (bastion) server. For example:

$ ssh -NL 9000:something.something.eu-central-1.rds.amazonaws.com:3306 bastion

2) Open a JDBC Connection with DriverManager and a url of the form: jdbc:mysql://localhost:9000/mydatabase

You end up with an exception:

Exception in thread "main" java.lang.RuntimeException: java.sql.SQLNonTransientConnectionException: Could not connect to address=(host=localhost)(port=9000)(type=master) : (conn=98) could not load system variables
 
        at de.e2n.Main.connectToDatabase(Main.java:140)
 
        at de.e2n.Main.run(Main.java:52)
 
        at de.e2n.Main.main(Main.java:165)
 
Caused by: java.sql.SQLNonTransientConnectionException: Could not connect to address=(host=localhost)(port=9000)(type=master) : (conn=98) could not load system variables
 
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73)
 
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:194)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1394)
 
        at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:635)
 
        at org.mariadb.jdbc.MariaDbConnection.newConnection(MariaDbConnection.java:150)
 
        at org.mariadb.jdbc.Driver.connect(Driver.java:89)
 
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
 
        at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228)
 
        at de.e2n.Main.connectToDatabase(Main.java:138)
 
        ... 2 more
 
Caused by: java.sql.SQLNonTransientConnectionException: (conn=98) could not load system variables
 
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73)
 
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:185)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.requestSessionDataWithShow(AbstractConnectProtocol.java:1114)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.readPipelineAdditionalData(AbstractConnectProtocol.java:1075)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.postConnectionQueries(AbstractConnectProtocol.java:882)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.createConnection(AbstractConnectProtocol.java:597)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1389)
 
        ... 8 more
 
Caused by: java.sql.SQLNonTransientConnectionException: (conn=98) Connection is closed
 
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.createException(ExceptionFactory.java:73)
 
        at org.mariadb.jdbc.internal.util.exceptions.ExceptionFactory.create(ExceptionFactory.java:189)
 
        at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.cmdPrologue(AbstractQueryProtocol.java:1945)
 
        at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.executeQuery(AbstractQueryProtocol.java:249)
 
        at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.requestSessionDataWithShow(AbstractConnectProtocol.java:1089)
 
        ... 12 more

This works if we use mysql-connector-java-5.1.46.jar.

 Comments   
Comment by Diego Dupin [ 2021-06-15 ]

Can you confirm this is for aurora ?
Aurora has a proxy that doesn't like pipelining (sending multiple mysql packet, then reading multiple packet).

Pipelining permits having better performance. Best then is to disable all pipelining capability (i.e. adding '&usePipelineAuth=false&useBatchMultiSend=false').
(MySQL driver doesn't use pipelining)

Comment by Björn Raupach [ 2021-06-17 ]

Hi Diego,

yes, I can confirm this is for Amazon Aurora MySQL.

After I appended the parameters usePipelineAuth=false and useBatchMultiSend=false the SSH tunnel works just fine. Should I close this issue now?

Out of curiosity. Why does it work without the two query string parameters if one connects to Aurora from EC2 - within AWS, but not through SSH Port Forwarding (Tunneling)? How is the proxy even able to distinguish the two connections from each other?

Comment by Diego Dupin [ 2021-06-23 ]

i'll close the ticket.
Proxy doesn't distinguish anything, problem is that this issue is a race condition, network dependent.
A random guess is that when this proxy handle request (a mysql packet), it discard the remaining bytes in buffer. Maybe SSH tunneling make that more obvious, by regrouping some TCP-IP packet ... One cannot knows without analysing proxy code in detail.

Generated at Thu Feb 08 03:19:03 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.