diff --git a/router/src/routing/src/classic_greeting_forwarder.cc b/router/src/routing/src/classic_greeting_forwarder.cc index 5f2a4e9dc38..6d7e77cb7fa 100644 --- a/router/src/routing/src/classic_greeting_forwarder.cc +++ b/router/src/routing/src/classic_greeting_forwarder.cc @@ -425,20 +425,23 @@ void ServerGreetor::client_greeting_server_adjust_caps( ClassicProtocolState *src_protocol, ClassicProtocolState *dst_protocol) { auto client_caps = src_protocol->client_capabilities(); - if (!src_protocol->shared_capabilities().test( - classic_protocol::capabilities::pos::ssl)) { - auto attrs_res = classic_proto_decode_and_add_connection_attributes( - src_protocol->attributes(), connection() - ->socket_splicer() - ->client_conn() - .initial_connection_attributes()); + // Always add connection attributes (like _client_ip) regardless of SSL status. + // SSL-related attributes (_client_ssl_cipher, _client_ssl_version) will be + // added later in client_greeting_after_tls() after TLS handshake completes. + auto attrs_res = classic_proto_decode_and_add_connection_attributes( + src_protocol->attributes(), connection() + ->socket_splicer() + ->client_conn() + .initial_connection_attributes()); - // client hasn't set the SSL cap, this is the real client greeting - auto attrs = attrs_res.value_or(src_protocol->attributes()); + auto attrs = attrs_res.value_or(src_protocol->attributes()); - dst_protocol->sent_attributes(attrs); - src_protocol->sent_attributes(attrs); + dst_protocol->sent_attributes(attrs); + src_protocol->sent_attributes(attrs); + if (!src_protocol->shared_capabilities().test( + classic_protocol::capabilities::pos::ssl)) { + // client hasn't set the SSL cap, this is the real client greeting auto client_greeting_msg = src_protocol->client_greeting().value(); client_greeting_msg.attributes(attrs); dst_protocol->client_greeting(client_greeting_msg); @@ -675,7 +678,10 @@ ServerGreetor::client_greeting() { dst_protocol->client_capabilities(client_caps); dst_protocol->auth_method_name(src_protocol->auth_method_name()); dst_protocol->username(src_protocol->username()); - dst_protocol->attributes(src_protocol->attributes()); + // Use attributes with _client_ip added by client_greeting_server_adjust_caps + dst_protocol->attributes(src_protocol->sent_attributes().empty() + ? src_protocol->attributes() + : src_protocol->sent_attributes()); connection()->on_handshake_received(); @@ -1335,20 +1341,22 @@ void ServerFirstAuthenticator::client_greeting_server_adjust_caps( ClassicProtocolState *src_protocol, ClassicProtocolState *dst_protocol) { auto client_caps = src_protocol->client_capabilities(); + // Always add connection attributes (like _client_ip) regardless of SSL status. + // SSL-related attributes (_client_ssl_cipher, _client_ssl_version) will be + // added later in client_greeting_after_tls() after TLS handshake completes. + auto attrs_res = classic_proto_decode_and_add_connection_attributes( + src_protocol->attributes(), connection() + ->socket_splicer() + ->client_conn() + .initial_connection_attributes()); + + auto attrs = attrs_res.value_or(src_protocol->attributes()); + dst_protocol->sent_attributes(attrs); + src_protocol->sent_attributes(attrs); + if (!src_protocol->shared_capabilities().test( classic_protocol::capabilities::pos::ssl)) { auto client_greeting_msg = src_protocol->client_greeting().value(); - - auto attrs_res = classic_proto_decode_and_add_connection_attributes( - src_protocol->attributes(), connection() - ->socket_splicer() - ->client_conn() - .initial_connection_attributes()); - - auto attrs = attrs_res.value_or(src_protocol->attributes()); - dst_protocol->sent_attributes(attrs); - src_protocol->sent_attributes(attrs); - client_greeting_msg.attributes(attrs); // client hasn't set the SSL cap, this is the real client greeting