[MXS-1827] Support for netmask having numbers different than 255 or 0 Created: 2018-04-25  Updated: 2023-06-23  Resolved: 2023-06-20

Status: Closed
Project: MariaDB MaxScale
Component/s: mariadbclient
Affects Version/s: 2.2.2, 2.2.8
Fix Version/s: 6.4.7

Type: New Feature Priority: Major
Reporter: Wagner Bianchi (Inactive) Assignee: Esa Korhonen
Resolution: Fixed Votes: 2
Labels: None
Environment:
  1. uname -r
    4.9.0-6-amd64
  2. uname -a
    Linux 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux

Issue Links:
Blocks
is blocked by MXS-1772 Netmask limitations are not documented Closed
Relates
relates to MXS-4651 Documentation claims that netmask sup... Closed
Sprint: MXS-SPRINT-185

 Description   

Folks,

Working with a customer, I found the below messages on the maxscale log what figures out to be a limitation of the Data Masking filter:

2018-04-25 11:24:25   error  : [MySQLAuth] Unrecognized IP-bytes in host/mask-combination. Merge incomplete: 10.225.17.128/255.255.255.192
 
2018-04-25 11:24:25   error  : [MySQLAuth] Unrecognized IP-bytes in host/mask-combination. Merge incomplete: 10.225.16.0/255.255.255.192
 
2018-04-25 11:24:25   error  : [MySQLAuth] Unrecognized IP-bytes in host/mask-combination. Merge incomplete: 10.225.16.192/255.255.255.192

We need to be able to support a netmask with definition having numbers different of 255 or 0. Maybe, to support a CIDR definition will be good as well.

It's linked with the https://jira.mariadb.org/browse/MXS-1772. Can that support be implemented?

Thanks and cheers!

 Comments   
Comment by markus makela [ 2020-02-14 ]

MariaDB server does not support non-octet masks: https://mariadb.com/kb/en/create-user/#host-name-component

Comment by Reiner Keller [ 2020-02-14 ]

but then it shouldn't be accepted AND USED as it's done in all used versions so far?

MariaDB [(none)]> \s
 
--------------
 
mysql  Ver 15.1 Distrib 10.2.30-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
 
...
 
MariaDB [(none)]> SELECT host FROM mysql.user WHERE host LIKE '%255%' GROUP BY host;
 
+--------------------------------+
 
| host                           |
 
+--------------------------------+
 
| 172.16.0.0/255.240.0.0         |
 
| 212.91.xxx.xxx/255.255.255.248 |
 
| 79.140.xxx.xxx/255.255.255.248  |
 
+--------------------------------+
 
3 rows in set (0.00 sec)

Comment by Hartmut Holzgraefe [ 2020-07-07 ]

The MariaDB server documentation seems to be wrong here, I tested on 10.3 and 10.4 and found that non-octet masks actually work fine there, e.g. in my local network my laptop currently is 192.168.23.140 and my desktop is 192.168.23.88.

When creating the following user on both: 

create user foo@"192.168.23.0/255.255.255.128" identified by "secret";
 
grant all on test.* to foo@"192.168.23.0/255.255.255.128";

I can connect from desktop to mariadb server on laptop, so client with 192.168.23.88 can connect with netmask 255.255.255.128

On the other hand laptop can't connect to server on laptop, as its 192.168.23.140 address is not within 192.168.23.0/255.255.255.128

So at least with MariaDB server 10.3 and above true netmask support is there, but doesn't work with Maxscale

Comment by markus makela [ 2020-07-08 ]

Hmm, I guess we'll have to open this up again and update the MariaDB documentation.

Comment by markus makela [ 2020-07-08 ]

Opening as a new feature as this is currently expected behavior.

Generated at Thu Feb 08 04:09:41 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.