[MDEV-19277] Add status variable that gets incremented if connection is aborted prior to authentication Created: 2019-04-18  Updated: 2020-08-25  Resolved: 2019-05-14

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Variables
Fix Version/s: 10.4.5

Type: Task Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-19282 Log more specific warning with log_wa... Closed
relates to MDEV-19469 Connection timeout before Authenticat... Open
relates to MDEV-19276 If login fails when selecting a datab... Closed

 Description   

If a connection is aborted prior to authentication, then the only status variable that gets incremented is Aborted_connects. The Aborted_connects status variable gets incremented for a lot of reasons though, so there is no status variable that can be used to determine how many connections have gotten aborted prior to authentication.

You can reproduce this by doing something like using telnet to connect to the MariaDB port, and then killing the telnet process:

$ telnet 127.0.0.1 3306
 
Trying 127.0.0.1...
 
Connected to 127.0.0.1.
 
Escape character is '^]'.
 
Y
 
5.5.5-10.1.38-MariaDB@TcxOay_?▒MFWbhc931>#4mysql_native_password^CConnection closed by foreign host

The only status variable that is incremented from this is Aborted_connects:

MariaDB [(none)]> SHOW GLOBAL STATUS LIKE 'Aborted%';
 
+------------------+-------+
 
| Variable_name    | Value |
 
+------------------+-------+
 
| Aborted_clients  | 0     |
 
| Aborted_connects | 1     |
 
+------------------+-------+
 
2 rows in set (0.00 sec)
 
 
 
MariaDB [(none)]> SHOW GLOBAL STATUS LIKE 'Access_denied%';
 
+----------------------+-------+
 
| Variable_name        | Value |
 
+----------------------+-------+
 
| Access_denied_errors | 0     |
 
+----------------------+-------+
 
1 row in set (0.00 sec)
 
 
 
MariaDB [(none)]> SHOW GLOBAL STATUS LIKE 'Connection_errors%';
 
+-----------------------------------+-------+
 
| Variable_name                     | Value |
 
+-----------------------------------+-------+
 
| Connection_errors_accept          | 0     |
 
| Connection_errors_internal        | 0     |
 
| Connection_errors_max_connections | 0     |
 
| Connection_errors_peer_address    | 0     |
 
| Connection_errors_select          | 0     |
 
| Connection_errors_tcpwrap         | 0     |
 
+-----------------------------------+-------+
 
6 rows in set (0.00 sec)



 Comments   
Comment by Oleksandr Byelkin [ 2019-05-09 ]

Is Aborted_nonauth_connects a good name?

Comment by Oleksandr Byelkin [ 2019-05-09 ]

I do not think that we should change value and meaning of Aborted_connects , but just add new variable which will count aborted with no authentication additionally?

Comment by Geoff Montee (Inactive) [ 2019-05-09 ]

What do you think about Aborted_connects_preauth? Aborted_nonauth_connects would work too though.

I agree with you about the behavior of Aborted_connects.

Comment by Oleksandr Byelkin [ 2019-05-09 ]

OK, it will be Aborted_connects_preauth, thanks for helping with the name

Comment by Oleksandr Byelkin [ 2019-05-09 ]

OK, the last question, does it matter if the connection closed with error or closed without an error?

The connection can be closed because of error (probably timeout belong here), because was killed or because actually connection closed, but we are only interested if it was closed unauthorized, correct?

Comment by Geoff Montee (Inactive) [ 2019-05-10 ]

I don't think it should matter if the connection was closed with or without an error. I think this status variable should only be concerned with whether the connection was closed prior to performing authentication--regardless of whether an error was involved.

Comment by Oleksandr Byelkin [ 2019-05-14 ]

the same patch with MDEV-19277

Comment by Vladislav Vaintroub [ 2019-05-14 ]

Looks good to me, ok to push

Generated at Thu Feb 08 08:50:24 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.