Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implements feature 'Client Error Limit' #3617

Merged
merged 11 commits into from
Sep 14, 2021
Merged

Implements feature 'Client Error Limit' #3617

merged 11 commits into from
Sep 14, 2021

Conversation

JavierJF
Copy link
Collaborator

@JavierJF JavierJF commented Sep 9, 2021

Feature description

'Client Error Limit' is a feature that limits the number of connection errors that can be initiated from a particular address before denying future connections from that address.

Feature is controlled by new introduced variables:

  • mysql-client_host_error_counts: Determines the number of errors than a client address needs to reach before getting banned for future connections.
  • mysql-client_host_cache_size: Determines the size of the cache being used for keeping track of the clients addresses that have had any connection errors.
  • Command 'PROXYSQL FLUSH MYSQL CLIENT HOSTS': Clears the client host cache.

When enabled, the expected behavior for the cache is the following:

When a new connection arrives, the cache is check for knowing if the client address has reached the
maximum errors, if the limit has been reached, and error is printed in ProxySQL log advertising the
event. If the limit is not reached, the connection tries to be performed, the situation has now to
possible outcomes:

a) The connection fails, the client address is added to the cache if it wasn't present, otherwise,
   it's error count is increased. If the cache was full, the oldest entry will be replaced with one
   holding this client address.
b) The connection succeeds, if the client address was present in the cache, it's removed from it.

Two new tables has also been introduced for being able to inspect the client_host_cache :

  • stats.stats_mysql_client_host_cache
  • stats.stats_mysql_client_host_cache_reset

As in other tables, querying stats_mysql_client_host_cache_reset performs a reset of the current values hold by the cache.

@JavierJF
Initial implementation for 'client_error_limit'
e2dd0a3 
Add initial support for FR limiting the number of connection errors that
can be initiated from a particular address before deniying future
connections from that address. Feature is controlled by new introduced
variables:

- mysql-client_host_error_counts
- mysql-client_host_cache_size
@JavierJF
Merge branch 'v2.x' of github.com:sysown/proxysql into v2.x-client_er…
6e533cb 
…r_limit
@JavierJF
Improved implementation of helper function 'get_client_addr' using 'h…
3addb9a 
…andler___status_NONE_or_default' as reference
@JavierJF
Fixed check for 'client_host' error count and added missing free
625daa9
@JavierJF
Added extra logging when a connection is closed due to 'client_host_e…
e7d9a4c 
…rror_counts' being reached
@JavierJF
Simplified check for query 'PROXYSQL FLUSH MYSQL CLIENT HOSTS' via 's…
2d3da0f 
…trcasecmp'
@JavierJF
Fixed double increment in 'update_client_host_cache' when oldest entr…
514ffe9 
…y is updated
@JavierJF
Added tables 'stats_mysql_client_host_cache' and 'stats_mysql_client_…
416a047 
…host_cache_reset' exposing entries in 'client_host_cache'
@JavierJF
Fixed size check for 'client_host_cache' and fixed logic preventing t…
d115e20 
…he cache from reducing it's size in certain conditions
@JavierJF JavierJF self-assigned this Sep 9, 2021
@JavierJF
Copy link
Collaborator Author

JavierJF commented Sep 9, 2021

Retest this please.

@JavierJF JavierJF merged commit db9b4ad into v2.x Sep 14, 2021
@renecannao renecannao deleted the v2.x-client_err_limit branch April 30, 2022 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@JavierJF JavierJF

Labels
Feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JavierJF