diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md
index a5a626153..0f8b2d699 100644
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@@ -950,16 +950,17 @@ configurations volatile (i.e. they are lost when maxscale is restarted), use the current runtime state of MaxScale. This makes problem analysis easier if an unexpected outage happens.
-#### `max_auth_failures`
+#### `max_auth_errors_until_block`
 The maximum number of authentication failures that are tolerated before a host is temporarily blocked. The default value is 10 failures. After a host is blocked, connections from it are rejected for 60 seconds. Note that the configured value is not a hard limit. The number of tolerated
-failures is between `max_auth_failures` and `threads * max_auth_failures` where
-`max_auth_failures` is the configured value of this parameter and `threads` is
-the number of configured threads.
+failures is between `max_auth_errors_until_block` and `threads *
+max_auth_errors_until_block` where `max_auth_errors_until_block` is the
+configured value of this parameter and `threads` is the number of configured
+threads.
 ### REST API Configuration
diff --git a/include/maxscale/config.hh b/include/maxscale/config.hh
index baa30bb7d..f46f80edf 100644
--- a/include/maxscale/config.hh
+++ b/include/maxscale/config.hh
@@ -136,7 +136,7 @@ extern const char CN_LISTENERS[];
 extern const char CN_LOCALHOST_MATCH_WILDCARD_HOST[];
 extern const char CN_LOG_AUTH_WARNINGS[];
 extern const char CN_LOG_THROTTLING[];
-extern const char CN_MAX_AUTH_FAILURES[];
+extern const char CN_MAX_AUTH_ERRORS_UNTIL_BLOCK[];
 extern const char CN_MAX_CONNECTIONS[];
 extern const char CN_MAX_RETRY_INTERVAL[];
 extern const char CN_MAXSCALE[];
@@ -550,7 +550,7 @@ struct MXS_CONFIG
 char peer_password[MAX_ADMIN_HOST_LEN]; /**< Password for maxscale-to-maxscale traffic */
 mxb_log_target_t log_target; /**< Log type */
 bool load_persisted_configs; /**< Load persisted configuration files on startup */
- int max_auth_failures; /**< Host is blocked once this limit is reached */
+ int max_auth_errors_until_block; /**< Host is blocked once this limit is reached */
 };
 /**
diff --git a/server/core/config.cc b/server/core/config.cc
index 38923b56e..af29eacf3 100644
--- a/server/core/config.cc
+++ b/server/core/config.cc
@@ -127,7 +127,7 @@ const char CN_LOCALHOST_MATCH_WILDCARD_HOST[] = "localhost_match_wildcard_host";
 const char CN_LOCAL_ADDRESS[] = "local_address";
 const char CN_LOG_AUTH_WARNINGS[] = "log_auth_warnings";
 const char CN_LOG_THROTTLING[] = "log_throttling";
-const char CN_MAX_AUTH_FAILURES[] = "max_auth_failures";
+const char CN_MAX_AUTH_ERRORS_UNTIL_BLOCK[] = "max_auth_errors_until_block";
 const char CN_MAXSCALE[] = "maxscale";
 const char CN_MAX_CONNECTIONS[] = "max_connections";
 const char CN_MAX_RETRY_INTERVAL[] = "max_retry_interval";
@@ -2754,17 +2754,17 @@ static int handle_global_item(const char* name, const char* value)
 return 0;
 }
 }
- else if (strcmp(name, CN_MAX_AUTH_FAILURES) == 0)
+ else if (strcmp(name, CN_MAX_AUTH_ERRORS_UNTIL_BLOCK) == 0)
 {
 char* endptr;
 int intval = strtol(value, &endptr, 0);
 if (*endptr == '\0' && intval > 0)
 {
- gateway.max_auth_failures = intval;
+ gateway.max_auth_errors_until_block = intval;
 }
 else
 {
- MXS_ERROR("Invalid value for '%s': %s", CN_MAX_AUTH_FAILURES, value);
+ MXS_ERROR("Invalid value for '%s': %s", CN_MAX_AUTH_ERRORS_UNTIL_BLOCK, value);
 return 0;
 }
 }
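Review bot: The renamed branch of handle_global_item still parses the threshold with `int intval = strtol(value, &endptr, 0);`, which narrows a `long` to `int` and never checks for a range error, so where `long` is 64 bits an oversized setting can be truncated to a small positive number and still pass `intval > 0`. Base 0 also means a value written with a leading zero is read as octal. Because this number decides when a host is locked out, it is worth parsing strictly: `long intval = strtol(value, &endptr, 10);` followed by `if (endptr != value && *endptr == '\0' && intval > 0 && intval <= INT_MAX)`. The body of handle_global_item starts and continues outside this hunk.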
@@ -2989,7 +2989,7 @@ void config_set_global_defaults()
 gateway.passive = false;
 gateway.promoted_at = 0;
 gateway.load_persisted_configs = true;
- gateway.max_auth_failures = DEFAULT_MAX_AUTH_FAILURES;
+ gateway.max_auth_errors_until_block = DEFAULT_MAX_AUTH_ERRORS_UNTIL_BLOCK;
 gateway.peer_hosts[0] = '\0';
 gateway.peer_user[0] = '\0';
@@ -4725,7 +4725,7 @@ json_t* config_maxscale_to_json(const char* host)
 json_object_set_new(param, CN_RETAIN_LAST_STATEMENTS, json_integer(session_get_retain_last_statements()));
 json_object_set_new(param, CN_DUMP_LAST_STATEMENTS, json_string(session_get_dump_statements_str()));
 json_object_set_new(param, CN_LOAD_PERSISTED_CONFIGS, json_boolean(cnf->load_persisted_configs));
- json_object_set_new(param, CN_MAX_AUTH_FAILURES, json_integer(cnf->max_auth_failures));
+ json_object_set_new(param, CN_MAX_AUTH_ERRORS_UNTIL_BLOCK, json_integer(cnf->max_auth_errors_until_block));
 json_t* attr = json_object();
 time_t started = maxscale_started();
diff --git a/server/core/config_runtime.cc b/server/core/config_runtime.cc
index 1438b38f4..7d8b7ac13 100644
--- a/server/core/config_runtime.cc
+++ b/server/core/config_runtime.cc
@@ -1089,20 +1089,20 @@ bool runtime_alter_maxscale(const char* name, const char* value)
 CN_DUMP_LAST_STATEMENTS);
 }
 }
- else if (key == CN_MAX_AUTH_FAILURES)
+ else if (key == CN_MAX_AUTH_ERRORS_UNTIL_BLOCK)
 {
 if (int intval = get_positive_int(value))
 {
 MXS_NOTICE("Updated '%s' from %d to %d",
- CN_MAX_AUTH_FAILURES,
- cnf.max_auth_failures,
+ CN_MAX_AUTH_ERRORS_UNTIL_BLOCK,
+ cnf.max_auth_errors_until_block,
 intval);
- cnf.max_auth_failures = intval;
+ cnf.max_auth_errors_until_block = intval;
 rval = true;
 }
 else
 {
- config_runtime_error("Invalid value for '%s': %s", CN_MAX_AUTH_FAILURES, value);
+ config_runtime_error("Invalid value for '%s': %s", CN_MAX_AUTH_ERRORS_UNTIL_BLOCK, value);
 }
 }
 else if (config_can_modify_at_runtime(key.c_str()))
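Review bot: The old key `max_auth_failures` is dropped without an alias: `key == CN_MAX_AUTH_ERRORS_UNTIL_BLOCK` is now the only match in runtime_alter_maxscale, so a script or REST client that still sends the old name falls through to the later branches (outside this hunk) and the threshold is not updated. The same applies to the `strcmp(name, CN_MAX_AUTH_ERRORS_UNTIL_BLOCK)` branch of handle_global_item and to the key emitted by config_maxscale_to_json in server/core/config.cc. If the old name ever shipped in a release, keep it as a deprecated alias, for example `else if (key == CN_MAX_AUTH_ERRORS_UNTIL_BLOCK || key == "max_auth_failures")`, and log a deprecation warning when the old spelling is used. Otherwise an operator's stricter limit is either rejected or silently left at the default after an upgrade; which of the two happens is not visible here.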
diff --git a/server/core/internal/config.hh b/server/core/internal/config.hh
index 515a218b7..c25c60d7f 100644
--- a/server/core/internal/config.hh
+++ b/server/core/internal/config.hh
@@ -25,14 +25,14 @@
 #include
 #include
-#define DEFAULT_NBPOLLS 3 /**< Default number of non block polls before we block */
-#define DEFAULT_POLLSLEEP 1000 /**< Default poll wait time (milliseconds) */
-#define DEFAULT_NTHREADS 1 /**< Default number of polling threads */
-#define DEFAULT_QUERY_RETRIES 1 /**< Number of retries for interrupted queries */
-#define DEFAULT_QUERY_RETRY_TIMEOUT 5 /**< Timeout for query retries */
-#define MIN_WRITEQ_HIGH_WATER 4096UL /**< Min high water mark of dcb write queue */
-#define MIN_WRITEQ_LOW_WATER 512UL /**< Min low water mark of dcb write queue */
-#define DEFAULT_MAX_AUTH_FAILURES 10 /**< Max allowed authentication failures */
+#define DEFAULT_NBPOLLS 3 /**< Default number of non block polls before we block */
+#define DEFAULT_POLLSLEEP 1000 /**< Default poll wait time (milliseconds) */
+#define DEFAULT_NTHREADS 1 /**< Default number of polling threads */
+#define DEFAULT_QUERY_RETRIES 1 /**< Number of retries for interrupted queries */
+#define DEFAULT_QUERY_RETRY_TIMEOUT 5 /**< Timeout for query retries */
+#define MIN_WRITEQ_HIGH_WATER 4096UL /**< Min high water mark of dcb write queue */
+#define MIN_WRITEQ_LOW_WATER 512UL /**< Min low water mark of dcb write queue */
+#define DEFAULT_MAX_AUTH_ERRORS_UNTIL_BLOCK 10 /**< Max allowed authentication failures */
 /**
 * Maximum length for configuration parameter value.
diff --git a/server/core/listener.cc b/server/core/listener.cc
index 5faa9d626..cdd38d7c4 100644
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
@@ -82,7 +82,7 @@ public:
 u.failures = 0;
 }
- rval = u.failures >= config_get_global_options()->max_auth_errors_until_block;
+ rval = u.failures >= config_get_global_options()->max_auth_errors_until_block;
 }
 return rval;
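Review bot: The comparison `u.failures >= config_get_global_options()->max_auth_errors_until_block` in listener.cc should carry a comment saying the limit is not a hard one. The Configuration Guide text changed in this same commit states that the tolerated number of failures lies between the configured value and `threads` times that value, and nothing at this line tells a reader so. A line such as `// Not a hard limit: see max_auth_errors_until_block in the Configuration Guide.` above the assignment would do. The enclosing method starts before this hunk, so how `u.failures` is stored and reset is not visible here.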