Simplified packetIO

[xhebox]

• Without the complex logic of old weir(recoding DB/username, handle authentication by itself), it is completely safe to remove most code of authenticator.go. Also, it is more resonable to parse mysql in the net package, rather than in authentication package.
• Proxy protocol will be easier to implement on a clean packetIO. The reason is that we may need to act as a server for PROXYV2 from cliens and act as a client to send PROXYV2 to servers. Sadly we can not just import blacktear23/go-proxyprotocol because it only do parsing as a server.
  • proxy: simplified packetIO and proxyv2 en(de)coding #17
  • proxy: expose proxy protocol API #25
  • Support CLIENT_DEPRECATE_EOF capability #45
  • *: support proxy-protocol #96 more methods to packetIO
  • *: support proxy protocol on reconnection #113
  • testing more details
  • TLS has internal buffer, we should not buffer twice

[djshow832]

it is completely safe to remove most code of authenticator.go

No, there are 2 reasons to parse authentication packets:

• You won't know whether to wait from the client or the server for the next packet if you don't parse it. For example, you need to parse the capability to know whether to upgrade to TLS.
• You need to record the capability, attrs, and some more information to reconnect to the new server.

[xhebox]

You won't know whether to wait from the client or the server for the next packet if you don't parse it.

We don't need to know, just forward packages in both direction if there is one. (I mean connection phase).

In handshake:

1. For client, parsing is ended once SSLRequest is identified.
2. For server, parsing is ended once initialHandshake is identified. Reconnection needs to fake handshakeResp or SSLRequest(if needed).

For example, you need to parse the capability to know whether to upgrade to TLS.

TLS is always enabled. If client does not set TLS capability, reject. Anyway, I only need to verify SSLRequest.

For server, the initialHandshake is required to be parsed. But I only need to respond with SSLRequest and HandshakeResp(with session token).

You need to record the capability, attrs, and some more information to reconnect to the new server.

Correct. I only need to record but not process. SSLRequest and HandshakeResp is enough.

it is completely safe to remove most code of authenticator.go

By this word, I mean authenticator is not for auth anymore. It is more like a part of connection management. Some common parts among client, backend and authenticator made up connection management. And I think it can be extracted out.

[djshow832]

TLS is always enabled. If client does not set TLS capability, reject.

It's incompatible with the current situation. The client doesn't need to enable TLS when using mysql_native_password. The client won't query the session token anyway.

[xhebox]

It's incompatible with the current situation. The client doesn't need to enable TLS when using mysql_native_password. The client won't query the session token anyway.

There is a workaround. If it there is no TLS, connect the default backend and pass packets until handshake is finished or ErrPacket.