proxysql

Commit Graph

Author	SHA1	Message	Date
Rene Cannao	6a921514cc	fix(mysqlx): protocol, data-stream and stats robustness fixes mysqlx_connection.cpp: Drain leading NOTICE frames in read_auth_frame() instead of returning nullopt on the first NOTICE. MySQL backends commonly emit a session-state-change notice before AuthenticateContinue or Ok, and returning nullopt caused the auth state machine to spin on try-read for the full 10s handshake timeout before completing. The two callers (step_auth_capabilities_get_sent and step_auth_capabilities_set_sent) now use the shared helper and drop their duplicated NOTICE checks. Also added a frame-size guard before reading the message-type byte. mysqlx_data_stream.{h,cpp}: Add close_and_reset() which tears down SSL/BIO state and clears every read/write buffer and parse flag without close()ing the fd. Required by mysqlx_session.cpp's return_backend_to_pool(), where the fd is owned by the pooled MysqlxConnection and must stay open after the data stream is wiped. Fix SSL_read return handling: a 0-return is a clean TLS shutdown (close_notify) and must surface as a connection close, not as a WANT_IO/retry. The previous code treated 0 and <0 identically and would loop forever on a cleanly-closed TLS peer. mysqlx_protocol.cpp: mysqlx_build_frame now rejects serialized payloads at the uint32 boundary so the +1 for the message-type byte cannot wrap to 0. This mirrors the X_MAX_PAYLOAD_SIZE clamp already applied by the inbound parser in MysqlxDataStream. mysqlx_stats.cpp: Rewrite the stats_mysqlx_routes INSERT builder to use std::string concatenation instead of a fixed 1024-byte snprintf buffer. Long route names plus escaping could overflow the buffer and the row was silently dropped without reaching the statsdb.	1 month ago
Rene Cannao	d50e48a971	feat(mysqlx): add descriptive TLS error messages with failure detection Adds SSL handshake failure detection and descriptive error messages for both client-side and backend TLS failures. Changes to MysqlxDataStream: - Added ssl_failed_ flag to distinguish WANT_IO (in progress) from actual SSL failure - ssl_handshake_failed() accessor for session to check failure state - ssl_failed_ is set to true in do_ssl_handshake() when get_ssl_status() returns MYSQLX_SSL_FAIL - ssl_failed_ is initialized to false in constructor, init_ssl(), and init_ssl_connect() Changes to MysqlxSession handler_tls_accept_init(): - After do_ssl_handshake() returns false, checks ssl_handshake_failed() - On failure: sends error 3151 ("TLS handshake failed") to client with OpenSSL error details retrieved via ERR_get_error()/ ERR_error_string_n(), then closes session - On WANT_IO: continues waiting (existing behavior) - Error 3150: TLS not configured on server (unchanged) - Error 3151: TLS handshake failed (new) - Error 3152: Reserved for backend TLS failures (Task 3)	2 months ago
Rene Cannao	0b555d3899	feat(mysqlx): add TLS infrastructure to MysqlxDataStream Adds SSL support following ProxySQL BIO-based pattern used in MySQL_Data_Stream and PgSQL_Data_Stream. New members in MysqlxDataStream: - ssl_: per-session SSL object from shared SSL_CTX - rbio_ssl_/wbio_ssl_: memory BIO pair for encrypted I/O - ssl_write_buf_/ssl_write_offset_: pending encrypted output - ssl_handshake_done_: handshake completion tracking New public methods: - init_ssl(SSL_CTX): creates SSL object with SSL_set_accept_state - init_ssl_connect(SSL_CTX): creates SSL object with SSL_set_connect_state - do_ssl_handshake(): performs TLS handshake, drains app data on completion - flush_ssl_write_buf(): sends pending encrypted bytes to network - has_ssl_pending_write(): checks BIO pending counts for poll integration - get_ssl()/get_rbio_ssl(): accessors for testing Modified read_from_net(): - SSL handshake phase: recv→BIO_write→do_ssl_handshake - Encrypted phase: recv→BIO_write→SSL_read loop→feed_bytes - Non-TLS path unchanged when ssl_ is null Modified write_to_net(): - SSL handshake phase: flush pending handshake data only - Encrypted phase: SSL_write→BIO_read→flush_ssl_write_buf - write_raw() also uses SSL_write when encrypted - Non-TLS path unchanged when ssl_ is null do_ssl_handshake() drains application data from the SSL object immediately after handshake completes, handling the case where the client sends data in the same TLS record as the Finished message. mysqlx_ssl_status enum maps OpenSSL errors: - MYSQLX_SSL_OK (SSL_ERROR_NONE) - MYSQLX_SSL_WANT_IO (SSL_ERROR_WANT_READ/WRITE) - MYSQLX_SSL_FAIL (all other errors) Tests: 18 assertions covering: - init_ssl with null ctx (no crash, no-op) - Non-TLS read/write unchanged - Full SSL handshake between client and server - Encrypted X Protocol frame read/write - has_ssl_pending_write before SSL init - init_ssl_connect for backend TLS	2 months ago
Rene Cannao	79783a63d7	fix(mysqlx): apply 12 critical/high fixes from four-way review + robustness test suite Addresses all 6 critical and 6 high issues identified by the four-way architecture/protocol/testing/security review. Critical fixes: - C1: Credential verification — MYSQL41 uses mysqlx_mysql41_verify_hash() against stored SHA1(SHA1(password)), PLAIN uses mysqlx_mysql41_hash() + CRYPTO_memcmp for constant-time comparison - C2: Backend X Protocol handshake — 6-state state machine in MysqlxConnection::step_auth() (CapGet→CapSet→AuthStart→AuthContinue→AuthDone) - C3: Backend FD added to poll set in rebuild_poll_set() — checks sds->get_fd() >= 0 && sds->get_status() == XDS_READY - C4: Double frame-pop fixed — removed redundant pop_frame() calls in dispatch_client_message() for handlers that already pop - C5: Backend kept until terminal frame — is_terminal_server_frame() checks 7 terminal types (OK, ERROR, SQL_STMT_EXECUTE_OK, FETCH_DONE, FETCH_SUSPENDED, DONE_MORE_RESULTSETS, DONE_MORE_OUT_PARAMS) - C6: Error severity defaults to ERROR (not FATAL) — added fatal parameter to send_error() High fixes: - H1: Parse errors detected — checks client_ds_.has_parse_error() after read_from_net() - H2: EINTR retry — do { r = recv/send(...) } while (r < 0 && errno == EINTR) - H3: Connection limit — max_sessions_ per thread (default 10000), accept loop breaks when exceeded - H4: Timeouts — 10s handshake timeout, 8h idle timeout in process_all_sessions() - H5: PLAIN auth rejected without TLS — checks client_ds_.is_encrypted() - H6: write_to_net errors propagated — checks return < 0 with errno != EAGAIN New test suites: - mysqlx_backend_auth_unit-t: 34 assertions covering full backend handshake state machine and error paths - mysqlx_credential_verify_unit-t: 24 assertions covering verify_hash, hex encode/decode, hash consistency - mysqlx_robustness_unit-t: 33 assertions covering terminal/non-terminal frame detection, multi-frame pipeline, backend disconnect, client disconnect, parse errors, auth edge cases, frame forwarding Robustness test fixes: - Replaced blocking read_x_frame with poll()-based version (200ms timeout) to prevent test hangs when no more data is available - Fixed double-close bug in test cleanup — session destructor and manual close() both closed same fds, causing next test socketpairs to be prematurely closed. Added detach_session_fds() helper to invalidate session fds before manual cleanup - Fixed drain loop ordering — close write end before draining read end to prevent blocking - Re-enabled test_backend_disconnect_during_query (previously crashed due to double-close fd corruption, not protobuf FATAL) - Fixed test_mysql41_no_credential_lookup_accepts_any to use valid 20-byte scramble format (40 hex chars) - Fixed test_forward_empty_frame to use SQL_STMT_EXECUTE message type instead of unrecognized 0x11 All 9 test suites pass (218+ assertions across backend_auth, credential_verify, data_stream, message_dispatch, session, thread, connection, concurrent, robustness).	2 months ago
Rene Cannao	eb958585a6	feat(mysqlx): add protocol-aware dispatch, TLS stubs, connection pool, and async connect Implements four tightly-coupled v2 components: Task 5 - Protocol-aware frame forwarding: - dispatch_client_message() handles all 23 X Protocol client message types - CRUD operations (Find/Insert/Update/Delete) forwarded to backend - SQL statement execution forwarded to backend - Prepared statements, cursors, views, expect blocks forwarded - Compression rejected with ER_X_CAPABILITY_COMPRESSION_INVALID_ALGORITHM - Unknown messages get ER_X_BAD_MESSAGE error - forward_to_backend() and handler_waiting_server_msg() for bidirectional frame forwarding between client and server data streams Task 6 - TLS stubs: - MysqlxDataStream gains encrypted_ flag for future TLS support - MysqlxSession gains TLS state machine states (accept/connect init/cont/done) - Stub handlers skip TLS states for now (Phase 3 will add OpenSSL) Task 7 - Connection pool integration: - MysqlxSession has back-pointer to Mysqlx_Thread for pool access - handler_connecting_server() checks thread-local cache first - Connections returned to cache after query completion - Pool matching by hostgroup, user, schema Task 8 - Async backend connect: - MysqlxConnection::start_connect() uses SOCK_NONBLOCK + EINPROGRESS - check_connect() polls SO_ERROR for completion - MysqlxSession::handler_connecting_server() manages async state - Graceful error handling with proper X Protocol error frames	2 months ago
Rene Cannao	6034a3fba6	fix(mysqlx): replace raw pointer MysqlxFrame with std::vector<uint8_t> Code quality fixes from review: - Replace std::pair<uint8_t*,size_t> with std::vector<uint8_t> for MysqlxFrame, eliminating use-after-free risk and Rule of Five violations - Add read buffer compaction when consumed prefix exceeds 4KB - Return -1 from write_to_net() for invalid fd (was returning 0) - Add parse_error_ flag instead of silently closing on malformed input - Add bounds check in enqueue_frame for oversized payloads	2 months ago
Rene Cannao	401a527186	feat(mysqlx): add non-blocking X Protocol frame I/O data stream Implements MysqlxDataStream with: - Non-blocking frame parsing from raw TCP byte streams - Partial frame buffering (header-first, then body accumulation) - Frame enqueue for writes with proper X Protocol wire format - read_from_net() / write_to_net() using recv()/send() on non-blocking FDs - O_NONBLOCK set automatically on init Foundation for the event-driven v2 rewrite. All future session and thread classes will use MysqlxDataStream for I/O instead of the blocking read()/write() calls from Phase 1. Tests: frame header parsing, partial frames, multiple concatenated frames, write buffer format verification.	2 months ago

7 Commits (31d7ae9ecbfcce4062dde20dfd67ff60dd0db29c)