WL#7729: Instrumentation of connection type
Affects: Server-5.7 — Status: Complete
MySQL lacks DBA visibility into the types of connections being established and used; there is no meaningful way to distinguish SSL connections from TCP/IP connections, or socket, shared memory or named pipe connections. This causes operational difficulty in assessing security.

Instrumentation should include:

1. Connection type information in P_S.THREADS
2. Connection type information in audit log
3. Connection type information in general log

User Documentation
==================

http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-8.html
http://dev.mysql.com/doc/refman/5.7/en/threads-table.html
http://dev.mysql.com/doc/refman/5.7/en/query-log.html
http://dev.mysql.com/doc/refman/5.7/en/writing-audit-plugins.html
FR 1 : Connection types will be displayed consistently in all logging and diagnostic output:
  FR 1.1 : Plain TCP/IP connections (VIO_TYPE_TCPIP) will be displayed as "TCP/IP"
  FR 1.2 : Socket connections (VIO_TYPE_SOCKET) will be displayed as "Socket"
  FR 1.3 : Named pipe connections (VIO_TYPE_NAMEDPIPE) will be displayed as "Named Pipe"
  FR 1.4 : TCP/IP connections over SSL/TLS (VIO_TYPE_SSL) will be displayed as "SSL/TLS"
  FR 1.5 : Shared memory connections (VIO_TYPE_SHARED_MEMORY) will be displayed as "Shared Memory"

FR 2 : PERFORMANCE_SCHEMA.THREADS table will add a new column to display connection type for each thread
  FR 2.1 : Column name will be "CONNECTION_TYPE"
  FR 2.2 : Column type will be VARCHAR(16)
  FR 2.3 : Internal threads will show as NULL

FR 3 : Audit log connection events will display the connection type
  FR 3.1 : Connection type information will be added in a new XML element named "CONNECTION_TYPE"
  FR 3.2 : QUIT event types will have an empty CONNECTION_TYPE element

FR 4 : Connection type information will be reflected in general query log entries for new connections
  FR 4.1 : Existing general query log entries for connections will be extended with " using [connection type]"
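The fixed display strings of FR 1 and the " using [connection type]" suffix of FR 4.1 make the general query log usable for auditing which accounts connect without TLS. The following is an added example, not code from the worklog or from MySQL: the log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Display strings fixed by FR 1.1 to FR 1.5.
CONNECTION_TYPES = {"TCP/IP", "Socket", "Named Pipe", "SSL/TLS", "Shared Memory"}
# Type flagged by this example: a network transport with no TLS (assumption).
PLAINTEXT_NETWORK = {"TCP/IP"}
# Assumed layout: "<timestamp>\t<thread id> Connect\t<user>@<host> on <db> using <type>"
CONNECT_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<id>\d+)\s+Connect\s+(?P<rest>.*)$")

def parse_connect(line):
    """Return (thread_id, account, connection_type) for a Connect entry, else None.
    connection_type is None when the suffix is absent or is not an FR 1 string."""
    m = CONNECT_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rest = m.group("rest")
    # Split from the right: a database name may itself contain " using ".
    head, sep, tail = rest.rpartition(" using ")
    conn_type = tail if sep and tail in CONNECTION_TYPES else None
    if conn_type is None:
        head = rest
    account = head.split(" on ", 1)[0].strip()
    return int(m.group("id")), account, conn_type

def summarize(lines):
    """Tally connection types and list accounts seen on unencrypted TCP/IP."""
    counts, plaintext = Counter(), set()
    for line in lines:
        parsed = parse_connect(line)
        if parsed is None:
            continue  # not a Connect entry
        _, account, conn_type = parsed
        counts[conn_type or "unknown"] += 1
        if conn_type in PLAINTEXT_NETWORK:
            plaintext.add(account)
    return counts, sorted(plaintext)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    "2015-06-01T10:00:00.000000Z\t    2 Connect\tapp@10.0.0.5 on orders using SSL/TLS",
    "2015-06-01T10:00:01.000000Z\t    3 Connect\troot@localhost on  using Socket",
    "2015-06-01T10:00:02.000000Z\t    4 Connect\treport@10.0.0.9 on sales using TCP/IP",
    "2015-06-01T10:00:03.000000Z\t    4 Query\tSELECT 1",
    "2015-06-01T10:00:04.000000Z\t    5 Connect\tetl@10.0.0.7 on staging",  # no suffix
    "2015-06-01T10:00:05.000000Z\t    6 Connect\tdev@10.0.0.8 on x using y using TCP/IP",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Entries without a recognised suffix are counted as "unknown" rather than dropped, so logs written before this change do not silently pass the audit.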
MySQL Server supports various connection types (TCP/IP, SSL/TLS, socket, shared memory and named pipe), but information about the type of connection is not exposed to DBAs via standard interfaces. This information is needed in the following interfaces:

* PERFORMANCE_SCHEMA.THREADS table
* Audit log interface
* Audit log file
* General query log

All output representations of connection type information should be expressed consistently.

Upgrades from earlier versions of MySQL Server whose PERFORMANCE_SCHEMA.THREADS table definition lacks the new column will be supported.

Documentation will be updated to reflect changes to the audit log connection event structure.
The following modules will be modified:

sql/auth/sql_authentication.cc :
* Add lookup array for mapping enum_vio_type to strings
* Add call to set P_S instrumentation value for connection type
* Add connection type information to general query log for connection events

sql/sql_audit.h :
* Add connection type information to connection event notifications

sql/sql_audit.cc :
* Add connection type information to class handler

include/mysql/plugin_audit.h :
* Add connection type information to mysql_event_connection struct

internal/plugin/audit_log/audit_log.cc :
* Put connection type in connection type event logging

storage/perfschema/pfs.cc :
* Extend PSI_v1 with method for setting connection type

storage/perfschema/table_threads.cc:
* Extend field types to include CONNECTION_TYPE
* Add connection type information to make_row()
* Add connection type information to read_row_values()
* Add CONNECTION_TYPE to exclusion list in update_row_values()

storage/perfschema/table_threads.h:
* Add connection type to row_threads struct

scripts/mysql_system_tables.sql :
* Modify THREADS table structure to include CONNECTION_TYPE column

include/mysql/psi/psi.h :
* Define method to set connection type in P_S instrumentation
* Define type for connection type method

include/mysql/pfs_thread_provider.h :
* Define method to set connection type in P_S instrumentation
Copyright (c) 2000, 2020, Oracle Corporation and/or its affiliates. All rights reserved.